
As other comments have pointed out, devices (mobile and desktop app) do require 2FA and there's no way around that. So I'm assuming you meant the keybase.io website where you can log in with username and password.

Note that the functionality of the website is very limited. You can't access any chat messages or non-public KBFS data, for example. The most powerful thing you can do is resetting your account, and after that is probably using your PGP key if you uploaded an encrypted version of your private key to Keybase. If this worries you, you should turn on lockdown mode [0] to require a device to access those features.

[0] https://keybase.io/docs/lockdown/index




Related:

After forgetting my password a few weeks or so after first creating my account (I went a long time without ever trying out Keybase, because its value proposition AFAICT wasn't very interesting up until around a year and a half ago), I had Max reset my account. I was left with mixed feelings about this:

1. Extreme gratefulness esp. wrt the hands-on approach to "customer" support, but concern for the scalability of a process that requires that level of manual involvement, and

2. Concerns with how easy it was to get keybase.io/$MYNAME disconnected and reconnected by the Keybase switchboard operators

... and I wondered why Keybase's proof system didn't play a part in authenticating me.

For example: Let's say I create a Keybase account, forget my password, and realize I'm not logged in on any device. If I need to reset an account that has N social proofs, wouldn't it be a good idea for Keybase to make me prove that I am who I say I am by adding/altering M of N proofs?

And on that note:

Given that you're rolling out third-party integration, how about building off OP's thoughts, so a Keybase user can configure their account to say, "You should be able to verify that $SERVICE implements the optional 2FA parts of the Keybase integration spec; please use $SERVICE as the 2FA provider for this account."



