Configuration
While Two Factor does have a config file, it is unlikely you will need it.
You can use variables in your .env to configure this addon's behaviour. These three variables are available:
1STATAMIC_TWO_FACTOR_ENABLED=true2STATAMIC_TWO_FACTOR_ATTEMPTS_ALLOWED=53STATAMIC_TWO_FACTOR_VALIDITY=43200Enabled
Use STATAMIC_TWO_FACTOR_ENABLED to control if the addon will enable or disable two factor authentication.
This can be true or false. When not set, will default to false (in other words, you need to explicitly enable this addon).
On your local dev environment, you may like to set this to false to avoid two factor challenges on your local setup.
On your staging/production environments, set this to true to enable two factor challenges.
Number of failed attempts
Users are allowed a limited number of attempts before their account is locked (and requires admin or server-level changes to unlock).
By default, this is 5. After 5 failed attempts, their account is locked.
Validity
The validity is the number of minutes before users should be re-challenged, or null.
Set to a number, such as 43200 (30 days), to re-challenge a logged in user every 30 days. This is useful when using Statamic's "remember me" function.
Set to null to disable re-challenging users.