Summary
As an administrator, I want to activate two-factor authentication so that I can reduce the chance of my account being accessed maliciously
Acceptance Criteria
Scenario: User logs in within grace period
Given that I do not have 2FA enabled
And I have permission to access the admin area
And the grace period hasn't expired
When I access the Wordpress admin area
Then I see a notification reminding me to set up 2FA
Scenario: User attempts to login in outside grace period
Given that I do not have 2FA enabled
And that I'm not logged in
And I have permission to access the admin area
And the grace period has expired
When I try to login
Then my account is locked
And I see an error message notifying me that my account has been locked and instructing me how to restore access to it
Additional context
See WP 2FA
Summary
As an administrator, I want to activate two-factor authentication so that I can reduce the chance of my account being accessed maliciously
Acceptance Criteria
Scenario: User logs in within grace period
Given that I do not have 2FA enabled
And I have permission to access the admin area
And the grace period hasn't expired
When I access the Wordpress admin area
Then I see a notification reminding me to set up 2FA
Scenario: User attempts to login in outside grace period
Given that I do not have 2FA enabled
And that I'm not logged in
And I have permission to access the admin area
And the grace period has expired
When I try to login
Then my account is locked
And I see an error message notifying me that my account has been locked and instructing me how to restore access to it
Additional context
See WP 2FA