An issue exists in Joomla! 3.2.0 up to and including 3.9.24. Usage of an insufficient length for the 2FA secret accoring to RFC 4226 of 10 bytes vs 20 bytes.
joomla joomla\\!