Is there a best practice for enabling 2fa with roundcube?
There are probably other methods, but one that you could try is this plugin:
https://github.com/alexandregz/twofactor_gauthenticator
It enables 2fa using RFC 6238 6 digit codes as generated from google authenticator.
I don't see much happening there, mostly they merge pull requests. Currently scanning qr codes with my app does not even work in dark mode.
I am quite charmed by this one[1] I don't have such yubi key, but this integrates nicely with windows. Maybe I will try to get some virtual yubi driver to test. I offered sponsoring adding the TOTP stuff to this plugin.
PS. If you are coding, I am looking a bit at the structure of plugins. I thought I managed to identify the structure from other examples but my submit button stays on disabled. Do you know what could be?