Multiple 2FA methods enabled?

[stfnx]

There is the config option SECURITY_TWO_FACTOR_SELECT_URL which description says:

Specifies the two factor select URL. This is used when the user has setup more than one second factor.

When I first enable 2FA-Mail and then try to enable 2FA-Authenticator, it will replace 2FA-Mail instead of having both enabled.

How am I supposed to activate multiple 2FA methods at the same time?

When I try to access the /tf-select route, it flashes a message that I don't have the permissions.

[jwag956]

This is a limitation in the original 2FA implementation - that only allowed ONE of email, SMS, authenticator - when Webauthn was added I allowed that independent of the existing 2FA - so currently - you can have ONE of email, SMS, authenticator and webauthn. If you enable webauthn - the tf_select endpoint will be available.

Note that email link as a second factor isn't really all that great an idea - and you can user the unified signin feature that allows for std email or username and password, email magic link (no password required) of phone number as the PRIMARY authentication - then use authenticator as your secondary authentication.