Thanks for reaching out.
If you think that a hardware token may be easier you may be able to use one. We haven’t tested this but we did have a customer report that the black YubiKey 5 NFC does work using their Authenticator software to set it up. He mentioned that it was easy to set up as it it ‘scans’ the QR-25 code just by the QR code being displayed in your browser and then sets the yubikey up almost automatically. He then said when he went to his WordPress site, he just plugged in the key and a code pops up in Authenticator like it does in Smartphone authentication apps and you’re logged in. You can read more about setting up a Yubikey in their support documentation:
https://support.yubico.com/hc/en-us/articles/360013789259-Using-Your-YubiKey-with-Authenticator-Codes
Again, we can’t offer support for it since it has not been officially tested but it does appear to be working at least for that user and for the few others that asked and were provided the information.
If you want to disable Wordfence settings I believe you can disable it for all the roles for the site. This is done on the Wordfence > Login Security > Settings page on your website. The only role you cannot disable 2FA for is the administrator role. You can only make it optional.
Mia
