[docs] Clarify 2FA bypass requirements for access tokens in package publishing

Author: shmam

content/integrations/integrating-npm-with-external-services/creating-and-viewing-access-tokens.mdx

@@ -25,6 +25,7 @@ You can [create](#creating-access-tokens) and [view](#viewing-access-tokens) acc
 5. (Optional) Check the **Bypass two-factor authentication** checkbox if you want this token to bypass 2FA requirements for write actions.
    - This setting is unchecked (false) by default
    - By checking this box, the token will bypass 2FA for write actions even if 2FA is enabled at the account or package level
+   - **Note:** For publishing packages, you must have either 2FA enabled on your account OR use a token with bypass 2FA enabled.
 
 6. In the **Expiration** field, enter a token expiration period. The date must be at least 1 day in the future.