I know it's bad form to submit a large PR like this but this fixes almost everything in https://github.com/firefly-iii/firefly-iii/issues/9183 and I was too lazy to create a branch for it.

resources/views/profile/mfa/backup-codes-intro.twig

@@ -0,0 +1,46 @@
+{% extends './layout/default' %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+<form method="POST" action="{{ route('profile.mfa.backup-codes.post') }}" accept-charset="UTF-8" class="form-horizontal" id="preferences_code">
+    <input name="_token" type="hidden" value="{{ csrf_token() }}">
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ 'mfa_backup_codes_title'|_ }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <div class="form group">
+                            <p>
+                                {{ 'mfa_backup_codes_intro'|_ }}
+                            </p>
+                            <p class="text-danger">
+                                {{ 'mfa_backup_codes_quick'|_ }}
+                            </p>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+
+    <div class="row">
+        <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+            <div class="box">
+                <div class="box-body">
+                    {{ ExpandedForm.password('password', {helpText: 'current_password_confirm_mfa'|_}) }}
+                    {{ ExpandedForm.text('code', code) }}
+                </div>
+                <div class="box-footer">
+                    <button type="submit" class="btn btn-success">{{ 'pref_save_settings'|_ }}</button>
+                </div>
+            </div>
+        </div>
+    </div>
+
+
+</form>
+{% endblock %}

resources/views/profile/mfa/backup-codes-post.twig

@@ -0,0 +1,28 @@
+{% extends './layout/default' %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ 'mfa_backup_codes_post_title'|_ }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <div class="form group">
+                            <p>
+                                {{ '2fa_backup_codes'|_ }}
+                            </p>
+                            <textarea rows="10" class="form-control" readonly>{{ codes }}</textarea>
+                        </div>
+                    </div>
+                    <div class="box-footer">
+                        <a class="btn btn-success" href="{{ route('profile.mfa.index') }}">{{ '2fa_i_have_them'|_ }}</a>
+                    </div>
+                </div>
+            </div>
+        </div>
+{% endblock %}

resources/views/profile/mfa/disable-mfa.twig

@@ -0,0 +1,48 @@
+{% extends './layout/default' %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+    <form method="POST" action="{{ route('profile.mfa.disableMFA.post') }}" accept-charset="UTF-8" class="form-horizontal">
+        <input name="_token" type="hidden" value="{{ csrf_token() }}">
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ 'disable_mfa_page'|_ }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <p class="hidden-print">
+                            {{ 'disable_mfa_intro'|_ }}
+                        </p>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-body">
+                        {{ ExpandedForm.password('password', {helpText: 'current_password_confirm_mfa'|_}) }}
+                        {{ ExpandedForm.text('code', code) }}
+                    </div>
+                    <div class="box-footer">
+                        <button type="submit" class="btn btn-danger">{{ 'pref_disable_mfa'|_ }}</button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </form>
+{% endblock %}
+{% block scripts %}
+    <script type="text/javascript" nonce="{{ JS_NONCE }}">
+        $(function () {
+            "use strict";
+
+            // Focus first visible form element.
+            $("form#preferences_code input:enabled:visible:first").first().select();
+        });
+    </script>
+{% endblock %}

resources/views/profile/mfa/enable-mfa.twig

@@ -0,0 +1,59 @@
+{% extends './layout/default' %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+    <form method="POST" action="{{ route('profile.mfa.enableMFA.post') }}" accept-charset="UTF-8" class="form-horizontal" id="preferences_code">
+        <input name="_token" type="hidden" value="{{ csrf_token() }}">
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-header with-border">
+                        <h3 class="box-title">{{ 'pref_two_factor_auth_code'|_ }}</h3>
+                    </div>
+                    <div class="box-body">
+                        <p class="hidden-print">
+                            {{ 'pref_two_factor_auth_code_help'|_ }}
+                        </p>
+                        <div class="form group">
+                            <div class="col-sm-8 col-md-offset-4 hidden-print">
+                                {{ image|raw }}
+                            </div>
+                            <p class="hidden-print">
+                                {{ trans('firefly.2fa_use_secret_instead', {secret: secret|escape})|raw }}
+                            </p>
+                            <p class="hidden-print text-danger">
+                                {{ 'mfa_warning_code_changes'|_ }}
+                            </p>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+        <div class="row">
+            <div class="col-lg-6 col-lg-offset-3 col-md-12 col-sm-12 col-xs-12">
+                <div class="box">
+                    <div class="box-body">
+                        {{ ExpandedForm.password('password', {helpText: 'current_password_confirm_mfa'|_}) }}
+                        {{ ExpandedForm.text('code', code) }}
+                    </div>
+                    <div class="box-footer">
+                        <button type="submit" class="btn btn-success btn-lg">{{ 'pref_save_settings'|_ }}</button>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </form>
+{% endblock %}
+{% block scripts %}
+    <script type="text/javascript" nonce="{{ JS_NONCE }}">
+        $(function () {
+            "use strict";
+
+            // Focus first visible form element.
+            $("form#preferences_code input:enabled:visible:first").first().select();
+        });
+    </script>
+{% endblock %}

resources/views/profile/mfa/index.twig

@@ -0,0 +1,48 @@
+{% extends './layout/default' %}
+
+{% block breadcrumbs %}
+    {{ Breadcrumbs.render(Route.getCurrentRoute.getName) }}
+{% endblock %}
+
+{% block content %}
+
+    <div class="row">
+        <div class="col-lg-8 col-lg-offset-2 col-md-12 col-sm-12">
+            <div class="box">
+                <div class="box-header with-border">
+                    <h3 class="box-title">
+                        {{ 'mfa_index_title'|_ }}
+                    </h3>
+                </div>
+                <div class="box-body">
+                    <p>
+                        {% if enabledMFA == true %}
+                            {{ 'mfa_index_enabled'|_ }}
+                        {% endif %}
+                        {% if enabledMFA == false %}
+                            {{ 'mfa_index_disabled'|_ }}
+                        {% endif %}
+
+                    </p>
+                    <p>
+                        {{ 'mfa_index_intro'|_ }}
+                    </p>
+                    <p>
+                        {{ 'mfa_index_owner'|_ }}
+                    </p>
+                    {% if enabledMFA == true %}
+                        <div class="btn-group">
+                            <a href="{{ route('profile.mfa.disableMFA') }}" class="btn btn-danger"><em class="fa fa-unlock-alt"></em> {{ 'pref_two_factor_auth_disable_2fa'|_ }}</a>
+                            <a href="{{ route('profile.mfa.backup-codes') }}" class="btn btn-default"><em class="fa fa-calculator"></em> {{ 'pref_two_factor_new_backup_codes'|_ }}</a>
+                        </div>
+                    {% endif %}
+                    {% if enabledMFA == false %}
+                        <p>
+                            <a class="btn btn-info" href="{{ route('profile.mfa.enableMFA') }}"><em class="fa fa-calculator"></em> {{ 'pref_enable_two_factor_auth'|_ }}</a>
+                        </p>
+                    {% endif %}
+                </div>
+            </div>
+        </div>
+    </div>
+{% endblock %}