Mity Docs Mity Docs for Mity Digital
Two Factor for Statamic Documentation


While Two Factor does have a config file, it is unlikely you will need it.

You can use variables in your .env to configure this addon's behaviour. These three variables are available:



Use STATAMIC_TWO_FACTOR_ENABLED to control if the addon will enable or disable two factor authentication.

This can be true or false. When not set, will default to false (in other words, you need to explicitly enable this addon).

On your local dev environment, you may like to set this to false to avoid two factor challenges on your local setup.

On your staging/production environments, set this to true to enable two factor challenges.

Number of failed attempts

Users are allowed a limited number of attempts before their account is locked (and requires admin or server-level changes to unlock).

By default, this is 5. After 5 failed attempts, their account is locked.


The validity is the number of minutes before users should be re-challenged, or null.

Set to a number, such as 43200 (30 days), to re-challenge a logged in user every 30 days. This is useful when using Statamic's "remember me" function.

Set to null to disable re-challenging users.