Thanks for the answer. It simply looks like that the Google Authenticator is the only one working on MDL because it's mentioned in Settings as the only one. Thanks.
Bit off-topic Also I was concerned about the hard delete thing. I know you have already thought about this and set proper strategies in place, but just saying: Hard delete this thread? Enter 1st authorized staff person password:______________________ Enter 2nd authorized staff person password:______________________ That is, for hard delete a thread, two staff guys must authorize it...
I can confirm authy and the paid authenticator+ work as well. Google provides the API only... there is actually a way without any 'google'...
Thank you! for implementing 2FA. Just as a heads up, the FOSS PW Manager, KeePass, can handle Timed One-time Passwords (TOTPs) using either of 2 plugins, named (appropriately) KeeOTP and Tray OTP. Both work with this, and I've eliminated the need to use Google Authenticator (and thus plugged a security hole in case someone steals my phone). Setup is easy, upon enabling it for the entry for MDL, you simple have to enter the secret key that the forum generates. What makes it a bit harder is that, most other sites also provide you with the text of the key needed to create the OTP, whereas here you only get a QR code. To get the text, I simply used a BarCode Scanner on my phone, grabbed the secret key, entered it into the KeeOTP window and my code was automatically generated, changing every 30 seconds as it is supposed to. Would it be prudent to display the secret key text as well as the QR Code for future users? If not, then there is still the above workaround if users want to use an app that doesn't directly scan the QR Code....
We're thinking of changing the forums software and what we're thinking of using has a 2FA option built into it already. It's much more feature complete than what I've set up here too, but the implementation is also different. That'll​ mean that you'll have to re-enable 2FA if/when we change the software.
I appreciate the way MDL is transitioning to a more secure format. Ya I know me complimenting anything is like pulling teach but I do actually appreciate this one.