I have setup 2factor using the orange push notifications option on my wordpress website.
I created a 2nd test user admin on the website and logged into it using a different browser and it did not ask me to authenticate the login? any user can access my site without the authenticator – apart from myself, the registered admin user with the orange account
miniOrange Two Factor(2FA) free plugin supports 2FA for only one user(administrator) in the plugin.
Can you please check if the user who installed the plugin is protected with 2fa? And as other users should not be able to change the settings it is only visible to the user who has installed the plugin.
If you want to enable 2FA for more than one user you need to upgrade to the premium plan.
To upgrade to the premium plugin, please refer to the Upgrade Plans Tab in the plugin.