Extension:OATHAuth

The OathAuth extension provides two-factor authentication support. By default, this includes a time-based one-time password (TOTP) implementation that allows users to generate 2FA codes from their phone or desktop app. Client support is available for most feature phones, smartphones and desktops.

Usage
The help page on Two-factor authentication provides information for end users on how to use this extension. However the special page used will also guide users.

Parameters
OATHAuth also adds a key to the array to define rate limits for authentication attempts:

Note that the key is available only since 1.35. Earlier version have to rely on and perhaps. See the documentation of for details.

User permission

 * Granting access to enable OATHAuth :

Users should be given access to the user right so that they can enable it at Special:OATHAuth (a link to which appears at Special:Preferences ).

The above will grant all registered users access to enable OATHAuth.

Administration
In the event that a user both loses their token generator AND the recovery tokens; two-factor authentication may be removed from the user by deleting their row from the database table. Alternatively, a sysadmin with shell access may type on a command line and then execute  where  is the user to have 2FA disabled.
 * Resetting a user token :