You can see which members of your organization should enable two-factor authentication. If a malicious user gains access to your organization, they'll be able to access your repositories and settings.

  1. In the top right corner of any page, click your username.

  2. On the left side of your profile page, under "Organizations", click the icon for your organization.

  3. On the right side of the organization profile page, click People.

  4. Members of your organization without two-factor authentication are listed with an orange triangle.

  5. If a member does not have 2FA enabled, they can turn it on from their personal account's security settings page.

You can also access the list of organization members lacking 2FA through the GitHub API. Here's an example script demonstrating how to do this.
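The following is an added example, not the script this page refers to. It calls the REST API's "list organization members" endpoint with `filter=2fa_disabled` (a filter that is only available to organization owners) and follows pagination. The environment variable names `GITHUB_ORG` and `GITHUB_TOKEN` and the function names are assumptions made for this example.

```python
import json
import os
import re
import urllib.request
from urllib.parse import quote

API = "https://api.github.com"

def next_link(link_header):
    """Return the rel="next" URL from a Link header, or None on the last page."""
    for url, rel in re.findall(r'<([^>]+)>;\s*rel="([^"]+)"', link_header or ""):
        if rel == "next":
            return url
    return None

def http_get(url, token):
    """Fetch one page; returns (parsed JSON body, Link header or None)."""
    req = urllib.request.Request(url, headers={
        "Authorization": f"Bearer {token}",
        "Accept": "application/vnd.github+json",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp), resp.headers.get("Link")

def members_without_2fa(org, token, get=http_get):
    """Return sorted logins of org members who have 2FA disabled."""
    url = f"{API}/orgs/{quote(org, safe='')}/members?filter=2fa_disabled&per_page=100"
    logins = []
    while url:
        # Only send the token to the API host, even if a Link header says otherwise.
        if not url.startswith(API + "/"):
            raise ValueError(f"refusing to follow off-host link: {url}")
        page, link = get(url, token)
        logins.extend(member["login"] for member in page)
        url = next_link(link)
    return sorted(logins, key=str.lower)

if __name__ == "__main__":
    # GITHUB_ORG and GITHUB_TOKEN are variable names assumed for this example.
    org, token = os.environ["GITHUB_ORG"], os.environ["GITHUB_TOKEN"]
    for login in members_without_2fa(org, token):
        print(login)
```

The `get` parameter lets you substitute a stub for `http_get`, so the pagination logic can be exercised without network access or a real token.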