2-factor authentication is defined here.

2-factor authentication supports the following modes:

e-mail

Before the connection is established, an e-mail containing an OTP (one-time code) is sent to the user.
This must be entered before the connection is established.
This feature requires the configuration of a mail server in the “Settings” -> “Notification” menu.
If the e-mail address is to be retrieved from a directory, a field for e-mail must be specified in the directory configuration under “Settings” -> “Directory”.

Google Authenticator

The GA Travelcard requires the GA Travelcard app on a smartphone. This can be installed free of charge via the relevant stores.
The GA app must scan a QR code once to create an account.
This code is displayed to the user once when they log in.
The GA app then generates a code that must be entered before the connection is established.
The QR code can be displayed once again for all users or for a specific user under “Settings” -> “Google Authenticator”.

Radius

In this case, a code is generated via a Radius server. This must then be entered before the connection is established.

SMS

Before logging in, the user receives an SMS to a specified number with a code.
This code must be entered before the connection is established.
To send the SMS, a corresponding service must be configured under “Settings” -> “SMS”.
Depending on the profile setting, the telephone number must be determined either via a directory or via a local user