Index: sites/all/modules/ga_login/ga_login.module
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- sites/all/modules/ga_login/ga_login.module	(revision 889)
+++ sites/all/modules/ga_login/ga_login.module	(revision )
@@ -192,6 +192,13 @@
   return $form;
 }
 
+function _ga_login_force_tfa($account) {
+  if (user_access('login without code', $account)) {
+    return isset($account->data['ga_login_force_tfa']) ? $account->data['ga_login_force_tfa'] : FALSE;
+  }
+  return TRUE;
+}
+
 /**
  * Submit handler to create a new code.
  */
@@ -306,9 +313,35 @@
       $form['links']['#weight'] = 5;
     }
   }
+  else if ($form_id == 'user_profile_form') {
+    $account = $form['#user'];
+    $register = ($account->uid > 0 ? FALSE : TRUE);
+    // Add some more settings to the user profile form.
+    $form['ga_login'] = array(
+      '#type' => 'fieldset',
+      '#title' => t('Two factor authentication'),
+      '#weight' => 1,
+      '#access' => (!$register && user_access('login without code', $account)),
+    );
+    $form['ga_login']['ga_login_force_tfa'] = array(
+      '#type' => 'checkbox',
+      '#title' => t('Protect my account with two-factor-authentication'),
+      '#default_value' => isset($account->data['ga_login_force_tfa']) ? $account->data['ga_login_force_tfa'] : FALSE,
+      '#description' => t('Check this box to force two-factor-authentication during login. If you decide to do so and haven\'t yet created your key, then please also refer to <a href="@url">GA Login</a>.', array('@url' => url('user/' . $account->uid . '/ga_login'))),
+    );
-}
+  }
+}
 
 /**
+ * Implements hook_user_presave().
+ */
+function ga_login_user_presave(&$edit, $account, $category) {
+  if (isset($edit['ga_login_force_tfa'])) {
+    $edit['data']['ga_login_force_tfa'] = $edit['ga_login_force_tfa'];
+  }
+}
+
+/**
  * Validate callback for login form.
  * @see ga_login_form_alter()
  */
@@ -316,7 +349,7 @@
   $name = $form_state['values']['name'];
   $code = $form_state['values']['gacode'];
   $account = user_load_by_name($name);
-  if (!user_access('login without code', $account) || !empty($code) || ($account->uid == 1 && variable_get('ga_login_always_for_uid1', 0))) {
+  if (_ga_login_force_tfa($account) || !empty($code) || ($account->uid == 1 && variable_get('ga_login_always_for_uid1', 0))) {
     module_load_include('php', 'ga_login', 'ga_login.class');
     $ga = new ga_loginGA(10);
     $username = _ga_login_username($account);