In addition to regular authentication via username/password or SSO, a second layer of security can be configured, permitting access only if a time-based one-time password is supplied, typically generated/stored on a mobile device.
The Two-Factor Authentication plugin will expose this feature to end-users, allowing them to configure their devices and enabling this enhanced security on their account.
Install the plugin via the ACP/Plugins page.
Token Generation Step
Challenge Step