I just realized that when 2 factor authentication is enabled for users, all the WP users are redirected upon login to the back-end. That really is a security flaw and a loophole which defeats the whole idea of preventing users who have not authenticated by 2 factor authentication from logging in to your system in the first place, and especially preventing hackers and other bad people from logging in.
Also, end-users have no business in your back-end, and that is also a security risk because it exposes what system you as a company are running, and why should you give away that information for free, right?
So what I am suggesting is this:
Once you set up 2 Factor Authentication for all users, they are not redirected to the back-end anymore. Instead, once they use their user credentials they are only half logged in and are presented with a required setup wizard on the front-end which requests that they set up 2 Factor Authentication right here and now. (They cannot get past this front-end screen as this is a mandatory user setup process…:wink:) On that screen is the link to google-authenticator.com and a QR code that they need to scan. Once they have set up and finalized this process they are now presented with the 2 Factor Authentication screen and can now log in.
This approach is much safer and will prevent people who have no rights to your system from logging in, and it also stops people from procrastinating with setting up the 2 Factor Authentication.
By the way, I just got an additional idea regarding all the users who fail at setting up the 2 Factor Authentication process:
What about adding a cleanup process so that if the user, after XYZ amount of days/1 month, has not set up his/her 2 Factor Authentication from the front-end and successfully logged in, then “Defender” automatically removes and deletes these non-valuable/spam accounts?
That would be an additional great feature and would also make your system more safe, secure and cleaner, with a leaner database too, and who would not want that, right?
So that’s all for this time!
@WPMU-DEV-Community: If you like my idea then +1 it!
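
The flow suggested in the post above, modelled as a small state machine. This is an added example, not part of the original post and not Defender's code; the page paths, the state names and the 30-day grace period are assumptions chosen for illustration.

```python
import base64, hashlib, hmac, struct

GRACE_DAYS = 30                                     # assumed value for "XYZ days / 1 month"
SETUP_PATH, CODE_PATH = "/2fa-setup", "/2fa-code"   # hypothetical front-end pages

def totp(secret_b32, now, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA1, as used by authenticator apps."""
    counter = struct.pack(">Q", int(now) // step)
    mac = hmac.new(base64.b32decode(secret_b32), counter, hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, name, created):
        self.name, self.created = name, created
        self.secret = None           # stays None until the setup wizard is completed

class Session:
    """Created only after the password check has succeeded (not modelled here)."""
    def __init__(self, account):
        self.account = account
        self.state = "challenge" if account.secret else "enroll"

    def allowed(self, path):
        # A half-logged-in session reaches exactly one page; only "full" goes further.
        if self.state == "enroll":
            return path == SETUP_PATH
        if self.state == "challenge":
            return path == CODE_PATH
        return True

    def finish_setup(self, secret_b32, code, now):
        # Enrollment counts only once the user proves the app produces valid codes.
        if self.state == "enroll" and hmac.compare_digest(code, totp(secret_b32, now)):
            self.account.secret = secret_b32
            self.state = "challenge"
        return self.state

    def submit_code(self, code, now):
        expected = totp(self.account.secret, now) if self.account.secret else ""
        if self.state == "challenge" and hmac.compare_digest(code, expected):
            self.state = "full"
        return self.state

def purge_unenrolled(accounts, now):
    """Keep enrolled accounts and those still inside the grace period."""
    cutoff = now - GRACE_DAYS * 86400
    return [a for a in accounts if a.secret or a.created >= cutoff]
```

A production version would also rate-limit code attempts and reject reuse of a code within its time step.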