For the sysPass authorization it could be possible to use several methods:

The Auth Basic authorization is always being checked, so if the HTTP headers within the user data are being sent, it will be checked whether the sysPass user’s login matches with the Auth Basic one.

The 2FA authorization through the Authenticator plugin is done by generating an OTP token from the Google Authenticator application. This authorization could be enabled from the users’ preferences.