Have I read the related troubleshooter articles above before posting (which pages?)? YES
Have I searched the tickets before posting? YES
Have I read the documentation before posting (which pages?)? YES
Joomla! version: 2.5.7
PHP version: 5.3.2-1ubuntu4.18 (production) + 5.3.2 (locally)
MySQL version: 5.1.61-0ubuntu0.10.04.1 (production) - 5.1.46 (locally)
Host: Gigas.com (CGI/FastCGI/fcgid_mod) + Joomlas2Go! Multisite Pack (locally)
Admin Tools version: rev5464ADE (production) + 2.4.0 (locally)
Description of my issue:
SCENARIO: Two-Factor Authtentication enabled on both servers (same site built-in inside each one)
HOW TO REPRODUCE THE REPORTED ISSUE: - Go to backend and login with username & password leaving 'blank' and untouched the Security Code' field and hit 'Enter'... Then you will access your Backend Area without problem.
Note: If you enter a wrong code, then will not get access
CONCLUSION: Two-Factor Auth is not adding additional protection if 'security code' code filed is ignored when login at the backend area.
Hope this helps,
Rgrds,