Users may enable two factor authentication for additional security to their account. A SYSTEM admin user will need to enable multi-factor authentication in Control Panel, Password Policy, Multi-Factor Authentication.
Once enabled, end users can enable it for their account under My Account, Manage MFA. A QR code is provided for convenience. The multi-factor authentication implementation is specified in RFC 6238 also known as OATH TOTP. You can use virtual MFA devices like the Google Authenticator or AWS Virtual MFA.
If a user has lost their MFA secret key, only a USER Admin can reset or disable the MFA for the user.