diff --git a/src/applications/transactions/editengine/PhabricatorEditEngine.php b/src/applications/transactions/editengine/PhabricatorEditEngine.php --- a/src/applications/transactions/editengine/PhabricatorEditEngine.php +++ b/src/applications/transactions/editengine/PhabricatorEditEngine.php @@ -1565,11 +1565,19 @@ $comment_uri = $this->getEditURI($object, 'comment/'); + $requires_mfa = false; + if ($object instanceof PhabricatorEditEngineMFAInterface) { + $mfa_engine = PhabricatorEditEngineMFAEngine::newEngineForObject($object) + ->setViewer($viewer); + $requires_mfa = $mfa_engine->shouldRequireMFA(); + } + $view = id(new PhabricatorApplicationTransactionCommentView()) ->setUser($viewer) ->setObjectPHID($object_phid) ->setHeaderText($header_text) ->setAction($comment_uri) + ->setRequiresMFA($requires_mfa) ->setSubmitButtonName($button_text); $draft = PhabricatorVersionedDraft::loadDraft( diff --git a/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php b/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php --- a/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php +++ b/src/applications/transactions/view/PhabricatorApplicationTransactionCommentView.php @@ -1,9 +1,7 @@ editEngineLock; } + public function setRequiresMFA($requires_mfa) { + $this->requiresMFA = $requires_mfa; + return $this; + } + + public function getRequiresMFA() { + return $this->requiresMFA; + } + public function setTransactionTimeline( PhabricatorApplicationTransactionView $timeline) { @@ -187,8 +195,8 @@ )); } - $user = $this->getUser(); - if (!$user->isLoggedIn()) { + $viewer = $this->getViewer(); + if (!$viewer->isLoggedIn()) { $uri = id(new PhutilURI('/login/')) ->setQueryParam('next', (string)$this->getRequestURI()); return id(new PHUIObjectBoxView()) 
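Review bot: In the PhabricatorEditEngine.php hunk, `$requires_mfa` only feeds `->setRequiresMFA($requires_mfa)` on the comment view, so as far as this diff shows it is a display hint and not a gate. Nothing visible here rejects a comment posted to `$comment_uri` without an MFA challenge. If the requirement is enforced when the transactions are applied, say so next to the assignment, for example `// Display hint only: the MFA requirement itself is enforced when the transactions are applied.`, so the flag is not later mistaken for the control. Any other caller that constructs PhabricatorApplicationTransactionCommentView without calling the new setter would presumably render the form without the notice, which is worth checking. The enclosing method starts and ends outside the hunk.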
@@ -203,6 +211,25 @@ pht('Log In to Comment'))); } + if ($this->getRequiresMFA()) { + if (!$viewer->getIsEnrolledInMultiFactor()) { + $viewer->updateMultiFactorEnrollment(); + if (!$viewer->getIsEnrolledInMultiFactor()) { + $messages = array(); + $messages[] = pht( + 'You must provide multi-factor credentials to comment or make '. + 'changes, but you do not have multi-factor authentication '. + 'configured on your account.'); + $messages[] = pht( + 'To continue, configure multi-factor authentication in Settings.'); + + return id(new PHUIInfoView()) + ->setSeverity(PHUIInfoView::SEVERITY_MFA) + ->setErrors($messages); + } + } + } + $data = array(); $comment = $this->renderCommentPanel(); @@ -226,7 +253,7 @@ } require_celerity_resource('phui-comment-form-css'); - $image_uri = $user->getProfileImageURI(); + $image_uri = $viewer->getProfileImageURI(); $image = phutil_tag( 'div', array( @@ -388,6 +415,17 @@ $form->appendChild($info_view); } + if ($this->getRequiresMFA()) { + $message = pht( + 'You will be required to provide multi-factor credentials to '. + 'comment or make changes.'); + + $form->appendChild( + id(new PHUIInfoView()) + ->setSeverity(PHUIInfoView::SEVERITY_MFA) + ->setErrors(array($message))); + } + $form->appendChild($invisi_bar); $form->addClass('phui-comment-has-actions');
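Review bot: In the `@@ -203,6 +211,25 @@` hunk, the not-enrolled branch calls `$viewer->updateMultiFactorEnrollment()` from inside the view's render path. Judging by its name, that refreshes and possibly persists user state on what is normally a read-only page view. Consider doing the refresh where `$requires_mfa` is computed, or at least document why it is needed here, e.g. `// The cached enrollment flag may be stale; refresh it once before refusing to render the form.` Returning the PHUIInfoView instead of the form only hides the form from an unenrolled viewer, so the submit handler still has to refuse the comment on its own. The enclosing render method starts and ends outside the hunk.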