https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28786 --- Comment #85 from Marcel de Rooy <m.de.rooy@rijksmuseum.nl> --- Great! We have a base for 2FA in staff herewith. Imo we could push this while keeping in mind that several follow-up reports are in the pipeline including encrypting the secret, not exposing the secret via a Google Charts URL, and others. Early push will make us aware of problems in connection to changes in C4/Auth done here. Note: The secret being passed in again has the protection of the CSRF token. It would be nice however to discuss the expiry time of these tokens. We have 8 hours still. Should we be more strict? Open a new report and propose something. -- You are receiving this mail because: You are watching all bug changes.