This plugin adds two-factor authentication (2FA) to website logins, requiring users to provide a second proof of identity. It is designed for site administrators and users who need to protect accounts from compromise, even if a password is stolen.

Multiple Authentication Methods: Supports time-based one-time passwords (TOTP) for use with apps like Google Authenticator or Authy, email-delivered codes, and one-time-use backup codes for account recovery.

User-Controlled Setup: Each user configures their preferred 2FA method individually through their profile, choosing a primary method and enabling backups to prevent lockout.

Administrator Controls: Site administrators can manage which authentication methods are available site-wide from a dedicated settings page and can assist users with configuration.

Developer Hooks: Provides filters and actions for customizing provider availability, token behavior, and integration with the login flow, allowing for tailored security implementations.

Focus on Accessibility: The methods work across devices and browsers without special hardware, and the interface is designed for clear user guidance during setup and login.