Hi @lordsnake,
When you sign in on an account that no longer prompts for 2FA, do you see a fresh QR code on your Login Security page or does the plugin think that 2FA is still active?
I haven’t heard of cases where 2FA tables have been reset without the plugin being deactivated first. Are you aware of any downtime or events with your host or other admins where they may have deactivated Wordfence and selected the option presented at that time to remove the plugin data? If you don’t have emails enabled to prompt you when Wordfence is disabled, that may be harder to rule in or out.
If the accounts still believe 2FA is active, then it’s less likely that the plugin data has been removed, but if something about the login page has changed the flow Wordfence is expecting, a failure to login would be the more likely outcome than just being allowed through.
Thanks again,
Peter.