Description
First let me say I'm new at Github, so I'm sorry if this is not the right place to raise questions and suggestions.
Also, would like to thanks the devs, this is the best MFA package for django that I found so far. Really appreciate the work!
I would like to suggest that it would be a good security practice to ask for a 2FA code when the user choose to disable the MFA Auth. [Prevent someone with physical acess to the PC from disabling it, while session is still valid.
I also think it would be a good idea to provide the key together with the QR Code, at the configure.html, so the user can print/copy/write it as a backup code. I have tried to do it, unsuccefully so far. I belive that's because I'm not familiar with the encode and decode funcs in the configure_mfa at views.py. If you don't intent to add this feature, I would appreciate if someone could shed some light on how can i do it myself.
Thanks,