In all two factor auth systems I use elsewhere, if you enter an invalid auth code or an invalid recovery code, you are redirected back to the same view where you can attempt to enter the code again.

With Fortify, the default behaviour redirects you back to the login view. This is frustrating if you enter an incorrect auth code, because you then need to enter your email address and password again, before you can attempt two factor authentication again.

I would suggest the default behaviour should be to redirect you back to the two-factor.login route when an invalid auth code is entered.

Hey @1stwebdesigns. You can customize the experience by binding your own FailedTwoFactorLoginResponse implementation. This way you can get the behavior you want. I don't think we'll replace the default behavior but you're free to attempt a PR to see if Taylor would accept it. Probably needs to go to master.