I have introduced 2FA invalid code 6 times and it looks the account is never blocked. So it would be nice "Maximum login attempts" applied to code too for avoiding brute force attacks.
Most of times I connect from same LAN or VPN, I would like 2FA could config for all connections (like now) or for public IPs only. This would be very simple, however with ioncube I can do it.
Customer support service by UserEcho