• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Option to disable email-based 2FA

Shiro

Well-known member
#2
I require my staff members (in policy) to use TOTP 2FA tokens. It would be nice if there was a way to disable email tokens entirely. While I view the option of email tokens as valid for some communities, I would like to require a higher level of security and reliability. I support this suggestion.
 

Liam W

Well-known member
#3
The providers are available in the database, I'm surprised they weren't extended to the frontend to allow for customisation, including changing the display order.

Liam
 

Chris D

XenForo developer
Staff member
#4
I assume you already know, but in lieu of the suggestion being implemented via a UI, you can just disable the provider by changing active to 0 for the email provider.
 

Xon

Well-known member
#5
I assume you already know, but in lieu of the suggestion being implemented via a UI, you can just disable the provider by changing active to 0 for the email provider.
The problem is I've got people already using it, so will need todo some juggling to get it disabled without surprising people that their 2FA has been disabled.