Very simply, I made a very simple to follow video with all the basics that you should definitely watch first.
How do I let users set Two-Step Authorization on their account?There are 4 ways of letting users set the system:
Emergency passwords are a safety device against unpredictable circumstances. They are also a security hazard. If this is clear as mud, please watch this video that will explain everything there is to know about Emergency passwords.
What's the Relax Mode for?Google Authenticator provides you with codes that have a limited lifespan of about 1 minute. The timer for each code lasts 30 seconds and once the timer has gone all the way and the code mutates, you still have about 30 seconds to use the previous code. After that, it is not valid anymore.
With the Relax Mode, that extra time is increased to 2 minutes instead of 30 seconds so you'll get a total of 2 minutes and 30 seconds to use a code. That's in case you really do need all that time to enter your code.
When should I rescan the QR code with my phone?If you modify the Description and/or the Secret Key, you must rescan the new QR code. Those are the 2 elements Google Authenticator uses to generate your codes.
It can happen sometimes if your Google Authenticator app (on your phone) is not correctly time-synchronized. Fixing this issue is extremely easy.
If that didn't work, you are probably NOT doing everything right. Look at the next item: I'm totally locked out of my account, what do I do?
I'm totally locked out of my account, what do I do?Please note: there is nothing I can do to help if you have lost your normal account credentials (username or email and password). That is a situation that has nothing to do with this add-on.
If you are locked out of your account you have 2 options, each with its own pros and cons.
SUPER IMPORTANT: if your cache is set to cache overrides, you will need to manually empty your cache. Otherwise, trying to log-in will throw an error every time. To manually empty the cache, on your server, go to your application\files\cache directory and delete everything. Then you can log-in normally and re-activate Two-Factor Authentication.
Be aware that by doing so you are disabling Two-Factor Authentication for everybody across the whole website. As soon as you have regained access to your account, I strongly suggest you go to the Settings page and re-enable Two-Factor Authentication. If you do so, other users will not need to do anything as their Two-factor Authentication settings will still be valid.