urm, correction.
I've got fetchmail running via cron quite happily on 2fa'd gmail accounts.
You just need to give your email a slightly bigger attack surface - and yes, I mean that.
If you go to the right bit of their website and click in the right places, they issue you with an 'application password' - a medium-sized random string - for you to cut and paste into your fetchmail/grabmail/etc config file.
It probably won't work to login via webmail, but it works for IMAP clients.