Despite the potential of this extension that could actually enhance the security of users on Xenforo, the developers behind this extension are absolutely not listening to these customers and drag to update the extension after sending more than 20 emails about problems of use with YubiKey or double authentication by SMS, the two important features to the extension does not work badly or not at all. The extension has potential but not the team that maintains it.
Regarding double authentication by SMS, if you're referring to the fact that if a new login is initiated where SMS is the 2FA method that a new code is sent out, this is as-designed behaviour and not a bug - and this is the same behaviour most sites implementing SMS for 2FA use. We're aware of a concern that this could be abused to spam requests and will consider implementing some sort of maximum limit in a period, but note that this could also result in locking legitimate users out of accounts.
Regarding Yubikey, we're aware of some concerns getting it to work. In most cases, these can be due to incorrect configuration. Your board URL must be the same URL as the one the user is accessing it from, and you must use HTTPS. If you're certain these conditions are fulfilled, and have tried the latest version, please make a ticket so we can further investigate.