Extension:EmailAuth

The extension allows two-factor authentication via email. While this is less secure than other two-factor methods such as Extension:OATHAuth, this does not have to be set up by the user, it only requires a confirmed email address. As such the extension is mainly meant to be used by system administrators in emergencies (such as a database leak).

The /EmailAuthRequireToken/ hook is used to decide when the second factor is required.