It seems to me that when a user logs in to Opigno the login process is run twice. This means that a failed login actually registers as two failed logins. This can be tested by trying to log in to a standard Opigno and deliberately using the wrong password. The user will be blocked by the standard (hidden) Drupal flood control after three attempts - but the message will show the five attempts were made. (Install the Drupal module flood_control to be able to see the standard underlying default Drupal flood control). This is probably the reason why Opigno will not work with the Drupal tfa module. Can anyone shed any light on this double login issue?