Is it possible to configure this plugin to force 2FA with every login?

Can you add more context to your question?

If the session has been expired the user needs to login. See session.lifetime for the session lifetime.

Please note that the configuration parameter backend.force_remember should be false. If this is true the backend login will be remembered for 5 (!) years.

I have some users that have configured 2FA, and when they log in, they're not being asked to enter a 2FA code.

Is this normal behaviour if backend.force_remember is true?

It's strange because I have logged myself out manually, and I still get asked for 2FA.