Version 0.7.0

• Fix: improve time-based one-time (TOTP) autofill when using password managers like 1Password, see #373. Props @omelhus.
• Fix: allow spaces in email code input and strip them away before processing, see #379. Props @shay1383.
• Fix: remove references to Google Authenticator app since there are a lot more TOTP authenticators these days, see #367. Props @r-a-y.
• Fix: register FIDO U2F related scripts during the suggested action hooks to avoid PHP noticed, see #356 and #368. Props @cojennin.
• Rename and deprecate action and filter names two-factor-user-options- and two-factor-totp-time-step-allowance that don't following the WP coding standards. Use two_factor_user_options_ and two_factor_totp_time_step_allowance now. See #363. Props @paulschreiber.
• Update codebase to match the WordPress coding standards, see #340. Props @paulschreiber.
• Add tooling to run PHPUnit tests locally during development, see #355. Props @kasparsd.

Version 0.7.0-rc.1

• Update codebase to match the WordPress coding standards, see #340. Props @paulschreiber.
• Add tooling to run PHPUnit tests locally during development, see #355. Props @kasparsd.

Version 0.6.0

• Security fix: escape the U2F key value when doing the key lookup in database during login. Props @mjangda from WordPress VIP. See #351.

• New feature: invalidate email tokens 15 minutes after they were generated. Use the two_factor_token_ttl filter to override this time-to-live interval. See #352.

• Document some of the available filters.

Version 0.5.2

• Bugfix: saving standard user profile fields no longer resets the time-based-password key, see #341.
• Bugfix: remove spaces around authentication codes before verifying them, see #339 (props @paulschreiber).
• Bugfix: allow admins to configure FIDO U2F keys for other users, see #349.
• Enable the "Dummy" authenticator method only when WP_DEBUG is set since we don't want regular users using it.
• New: Add an two_factor_user_authenticated action when the user is logged-in after the second factor has been verified, see #324 (props @Kubitomakita).
• New: Add two_factor_token_email_subject and two_factor_token_email_message filters to customize the email code subject and body, see #345 (props @christianc1).
• Update the reference article URL in the readme files to account for domain change, see #332 (props @todeveni).

Version 0.5.1

• Security fix: invalidate the session token used for the first password-based authentication, props @aapost0l.
• Typo fixes in code comments, props @akkspros.

Version 0.5.0

• Add a compatibility layer for Jetpack Secure Sign On to support longer session cookies, see #276. Props @pyronaur.
• Fix spelling errors in code comments, see #318. Props @akkspros.
• Add license file, #313. Props @axelsimon.
• Bump the supported version of PHP to 5.6 to match the WordPress core.

Version 0.4.8

• Mark as tested with WordPress 5.3.
• Add a screenshot with email code authentication prompt.
• Update development tooling versions.

Version 0.4.7

• Introduce a two_factor_totp_title filter to allow TOTP title to be changed, see #294 (props @BrookeDot).
• Mark as tested with WordPress 5.2.

Version 0.4.6

• Add a unique ID for the two-factor options section, see #286 (props @joshbetz).
• Add usage instructions and plugin screenshots, fixes #272.

Version 0.4.5

• Add the missing two-factor textdomains, see #281 (props @Sonic853).
• Fix U2F feature detection in Firefox, see #285.