Starting with 4.3.0, LEPTON has built-in two-factor authentication (2fa or tfa).
Important: this feature only works if LEPTokens are set to live (default).
Notice: this feature does not work with the algos theme (marked as deprecated).
If you install a new LEPTON release, you can set this feature during the installation process; upgraded LEPTON releases have this feature switched off. You can activate 2fa under settings/default_settings in the backend.
How it works
If 2fa is activated, you have to type an additional PIN after you have logged in with username and password. The PIN is generated once by the system for each user and is saved encrypted in the database.
This is an additional feature to secure LEPTON installations.
If users forget this PIN, there is no way to log in to LEPTON.
Only the admin is able to reset the PIN via the admintool if necessary.
Please keep in mind that you can also rename your backend path for security reasons.
Also switch off frontend login (settings/general_settings) if not needed.