username or email flanked with 2FA #GDPR
As a matter of fact there is more to do than type in a username and a password to achieve a getting some kind a close to #GDPR compliance feeling or recomandation. Strongly I get a feeling that state of the art #GDPR will be soon a real pain in the ass for all of us using software for making things happen. Think about it!
Be honest to yourself, is protecting a login with username and password enough in in these days? Sure not, so use a 2nd factor for authentication and get yourself and your clients some kind of a state of the art protected feeling.
As far as I’ve seen it here #WordPress allows you to choose between your username and your email for login. Well there is no easy way out unless you use some kind of LDAP services to manage that struggle. On the other hand you can force your users to write their usernames for 429 login applications down, cuz they will not memorize it, or let them use their email and their email only for login. Always supported or flanked by a 2FA.
The only thing you have to do is, temper a little bit with the code in your child-themes.
The file you have to edit is functions.php