Two Factor Authentication
Two factor authorization is an optional feature for the admin app's login, enabled in the .env environment file:
There are three distinct 2FA login steps. The first is prompting for the email address:
Upon email address validation, a two factor code is emailed to this email address:
Then the second step prompts for this code:
Upon two factor code validation, the third step prompts for the password:
Two factor codes are stored in a separate "twofactorauthentication" database table:
Set allowed number of attempts, and minutes until two factor code expiration, in the library back-end config: