Hi, Mod Rascasse from the Publishing Platform team here.
Wanted to clarify how this will work on Jagex accounts. By default every account will be protected by 2-step verification. To log in you'll require your email and password, plus a single-use code we send to your email address.
App-based MFA is an additional option you can enable on your account. When you set this up you'll also receive several backup codes that can be used to log in should you lose access to the app. This set up process also disables email verification codes, so if you leave your account in this state, you'll need your account password plus the code from the app OR a backup code to log in.
If you're comfortable with your email security you can then choose to re-enable email as a way to verify logins, should you wish. The screenshot is from an account with all 3 verification options enabled.