[gsich]

I want a one-step-login. Not two step (first username, then password) and certainly not three step (username, password, 2fa, all in seperate pages). This braindead concept needs to die.

If no 2fa is active on the account, just accept anything (including empty strings) in that field.

[aurbano]

I get the point, but I’d be afraid that non-technical users would be confused to the point of not even trying...

You could obviously add some info message below or above, but people tend to be terrible at reading.

Maybe if the 2FA input field is below the login button, after some text explaining it’s function..?

I’d love to see some UX test results on this with a bunch of real users of varying tech skill levels.

[gsich]

If people want to use the service, they will figure it out. You can't create services with the dumbest user in mind. Sometimes a little nudging helps.

Besides you can always dynamically hide (or show) the 2fa option if the email or username doesn't have 2fa enabled.