Security Announcement

What is the best practice for locking down AuthAnvil Two-Factor Auth (2FA) web services?