Mandatory Two-Factor Authentication (2FA) for NetSuite Access
NetSuite requires two-factor authentication (2FA) for all Administrator and other highly privileged roles when logging to any NetSuite account. This includes production, sandbox, development, and Release Preview accounts. The Administrator and highly privileged roles are set as 2FA required by default. This requirement can't be removed. Some highly privileged permissions are also set to be 2FA required by default. You can see any standard or customized roles that include these permissions in the Two-Factor Authentication Required column on the Two-Factor Authentication Roles page. For more information, see Permissions Requiring Two-Factor Authentication (2FA).
All non-UI access through an Application Programming Interface, or API, such as web services and RESTlets are also 2FA-required. 2FA-required roles can't use user credentials for API authentication.