When I enforce two-factor authentication to all users in admin -> security and login for the first time I'm only presented with a QR code. Which works if you have an app which can scan qr codes but if you don't have a mobile phone and would need the secret key for your 2fa to work you are locked out basically. My suggestion is that when a user is first successfully login in we present the user with a qr code and secret. My php skills are quite bad but I managed to add the secret key to the login form like this:
When I enforce two-factor authentication to all users in admin -> security and login for the first time I'm only presented with a QR code. Which works if you have an app which can scan qr codes but if you don't have a mobile phone and would need the secret key for your 2fa to work you are locked out basically. My suggestion is that when a user is first successfully login in we present the user with a qr code and secret. My php skills are quite bad but I managed to add the secret key to the login form like this: