* The password fallback is disabled for the login process, so the login will not require the password twice when the user has no other two-factor method configured.
totp-required
for compatibility purposes, it doesn't mean that the error is related to TOTP only, so we pass more details to identify the action required. The bypass should be used carefully because it gives super powers to whoever gains access to the token.