Version 23.07 and later
A recent security upgrade, Multi-factor Authentication (MFA), involves a one-time password (code) sent via email. Users need a valid email address to receive and enter the code for login, otherwise, access will be restricted.
Once Multi-Factor Authentication (MFA) is enable on System Configuration it will apply to all users. Reauthentication Period can also be set that determines the duration, up to a maximum of 90 days, before users receive a new code and are asked to input it for authentication.
However, administrator can also BYPASS the said feature for certain users, and this can be done in the user profile: