Setup More detailed setup instructions for MFA testing can be found in MDL-78509 , the following setup are just the basics and there is some assumed knowledge. Apply the patch Log into the site as an admin Navigate to: Site administration > plugins > administration tools > Multi-factor authentication In the factor table enable the factor "Authenticator app". The factor defaults can be left as they are: Scroll down to "General MFA Settings" Enable the "MFA plugin enabled" Checkbox Click save changes While still logged in as an admin, click on the users profile picture from the top nav bar. Click "preferences" Under "User account" click on "Multi-factor authentication" Click "Setup App" and follow the instructions to set up your TOTP authenticator app factor Log out the administrator user Tests Enter the username and password and click login for the admin user you set up the factors for Enter an incorrect TOTP token and Confirm that the token input field becomes readonly (grey) and the "Continue"-button disabled, before the page quickly reloads (although this might be hard to spot on local instances because of the low latency) After the page has loaded again, click on the token input field, press the arrow keys, the escape key and Ctrl+A and Confirm that the key presses did not cause a failed attempt, so you still have for example 9 attempts left   The attempt counter can be reset by inputting a valid authentication token from your TOTP app and logging out and in again.   NOTE : If you mess things up and locked yourself out, you can disable the whole MFA plugin from the CLI : php admin/cli/cfg.php --component=tool_mfa --name=enabled --set=0