NOTE: I’m not the author!
@wonderm00n – did you ever figure away around this? There front door way is to:
1. enable TFA plugin
2. go to YOURSITE/wp-admin/options-general.php?page=two-factor-auth
3. Ensure under “Change User Settings” all users are set to “Email”
This way the moment a user tries to log in they’ll be emailed their TFA number. The user can then go to YOURSITE/wp-admin/admin.php?page=two-factor-auth-user and change it to use google authenticator (aka “use 3rd party app”) if they so desire.
The backdoor way is to look in the wp_usermeta table in your database and you can pull out the panic codes where “meta-key” is “tfa_panic_codes_64” and then unserialize the array. DO NOT DO THIS IF YOU DON’T KNOW WHAT YOU’RE DOING! Reading values directly from the database is handy, but NOT the way the author intended you to access data.
Hey all the TOTP protocol used for this plugin is time sensitive. If the server you’re running your wordpress on has the wrong time, likely this plugin will not work. Thought I’m not the author, I’d suggest looking into making sure the time on your server and phone is correct!
