Unless a user specifically selects "Remember me" when using Two-factor authentication (2FA), then the user should be challenged each time they log in to a device, no matter the browser. 

For example, when working in areas where security is an issue, a customer needs to know their account is secure and that any attempt to log into HubSpot will be challenged with 2FA. 

Examples of other products that require 2FA every time a log-in attempt is made unless the customer chooses otherwise: every other product that offers 2FA (or so it seems).