As stated already, account already IS viewer only sub account. has been for years, and has never had 2FA enabled. I never even log into the account through Xfinity portal or use the Comcast provided email. it is used only for Channels DVR TVE.
The point is, it may soon matter not it being a sub account, Xfinity may REQUIRE 2FA regardless.
Which, i can't really blame them, 2FA is a good thing.
These days, one should have 2FA as bare minimum for security.
The devs need to support 2FA, somehow, other wise, TVE via Xfinity will no longer be compatible.
Philo already has form of 2FA, where u have to click a link in an email in order for Channels to authorize (when u first add it in the server).
Surely they can figure out something for other forms of 2fa. If the login page that loads when their scripts try to authorize the TVE, perhaps they can hold and request user input, user enter in the txt code, and it passes it to the script to authorize. something like that. idk