While it's true that after you set up MFA, Firestorm (being now MFA compatible) will then require it, you can still log into SL using other non-MFA compatible viewers with no issue.
For instance, despite having MFA enabled on my account, I was able to log in using the very old Lumiya viewer on my cell phone, despite it obviously not having MFA capabilities.... so at this point, MFA does not really provide added security for in-world access (it does provide security for accessing your account on LL's website however).
I'm curious as to when LL will close that loophole, per their announcement I quoted above.