Email auth + 2FA

[KimmoSalonen]

Is possible to implement 2FA (TOTP) with the email auth, because seems that 2FA is requiring password field?

[janko]

Yes, TOTP setup only requires a password for accounts that have one. If the user has never set up a password for their account, and are logging in through other means (email auth, OmniAuth, passkey), Rodauth won't ask for password on TOTP setup. Moreover, you can always set two_factor_modifications_require_password? to false in your Rodauth configuration to not require a password even if the account has one.

[KimmoSalonen]

I have implemented login only with email_auth and i don't have password field at the model/database because i don't need it.
So i have to add password field to get this work?

[janko]

The account_password_hash_column needs to be set to some symbol in order for Rodauth not to fall back to database functions + separate password hashes table, but it doesn't seem that this column needs to actually exist on the accounts table. Just be sure to set create_account_set_password? false and verify_account_set_password? false, so that registration doesn't ask for password.