I'm all for the security upgrade and submitted a feature request (Ticket 802892) for 2FA earlier this summer. So I'm glad to hear that is coming.
My suggestion is that the two-screen login only occurs when the system sees that it needs the TOTP code to complete. If an account doesn't have 2FA enabled that second screen doesn't need to be shown.
Use any major site as an example, like Facebook. If you visit Facebook.com there is a username/password login form at the top right of the page. Enter your credentials there and click Log In. If the account does not have 2FA enabled they are immediately logged in. If they do have 2FA enabled they are redirected to a second screen to enter their TOTP code.
Following this model would mean regular end users never see that second screen, only staff members with 2FA enabled will.
Maybe just rename the link "Staff login" as an alternative? Or just have a dedicated login page/process that staff need to use instead of the public one?
I guess you can't just expose the TOTP field when needed for accounts that have 2FA active? This is how most sites work. The username/password field is exposed to all, then when you try to login with an account that requires 2FA you get directed to a second form to enter your TOTP code and complete the login.
This is how we do it and it works fine.
Woohoo! Glad to see this feature is being rolled out:
Quickly go from an article straight to the asset in the BLOX CMS admin
Of course for it to be useful for us we'd need it to link into TotalCMS. Any chance that might still be on the horizon?
Agreed, it doesn't make much sense to expose this here. What problem is this solving for Town News staff?
I just came to make this feature request and see Mike beat me to it by six years! Any progress on this one?
I'd specifically like to see Abuse Reports under the History tab of Comments in the system.
This should include the time the Abuse Report was made and the email of the user who made the report.
About time! I asked for this two years ago:
I know this has been discussed here before and is still greatly needed.
Customer support service by UserEcho