Gone are the days of trying to remember a username and password.
In many cases the requirement for a password changing every 30 days and containing a multiple or letters and digits or special characters has been replaced with this new apache module. This new system only requires a pass code which is auto generated from an iPhone app or from a mac program.
If you can log onto an iPhone with face id or log onto a Mac with a fingerprint isn't that secure enough?
So as long as you present the correct code you must be the right person. All this program does is make sure you are who you say you are.
How it works
Once access is granted a cookie is set for subsequent calls to the system.
This cookie expires within a few minutes but is refreshed on every subsequent call. Should the cookie time out then a new authentication attempt is needed.

Please try to break the system.
There is an email address on the hidden page after the login page.
If you get to the page please let me know.
I have set logging on to verbose whilst things are in test so I can see what you are doing lol