data-govt-nz / ckanext-security

A CKAN extension to hold various security improvements for CKAN
GNU Affero General Public License v3.0

Making features optional via configuration #40

Closed Zharktas closed 4 months ago

Zharktas commented 3 years ago

As far as I can tell, this extension forces use of all the features implemented in it. Would it make sense to have configuration options to disable them if needed?

For example, in principle forcing 2fa is a very good thing; however, our end users are often government officials who often use CACs (https://en.wikipedia.org/wiki/Common_Access_Card) for multifactor authentication and have never even heard of TOTP-based software solutions. It would be easier for us to force only some of the security features instead of all of them.

markstuart commented 3 years ago

Yes, it does make sense to make at least some of the features able to be disabled. The 2fa implementation is fairly baked into the plugin and would definitely take a bit of thought to extract it so that it can be disabled.

We're really happy for contributions if you had any ideas of approaches to making the features configurable in that way?

markstuart commented 4 months ago

The latest release of this library allows for disabling 2FA @Zharktas, thanks to a contribution from @RabiaSajjad :tada: