Email Verification is a simple multi-factor option that emails the user a one-time code to sign in. While this meets requirements of many multi-factor compliance regulations, it is not as secure as a time based token.
Go to System Settings > System Features, and enable Multi-Factor Authentication Mode for Admins or for All Users
Then choose the Authenticator App Verification
3. The next time a user logs in, they will see a screen similar to the following:
4. Then going forward they will be asked for a code to login which they can get from their phone
5. If a user forgets their town, an admin can reset it in the same screen used to reset a password. (Applicants > Search > Tools)
6. If you are an admin and forgot your own token, another admin or OpenWater support can reset it for you