diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 9dd1f0f8..252b074f 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -7,6 +7,7 @@ Changes
 **New features**
+* [#1637] Added 2FA which can be disabled by the environment variable``DISABLE_2FA``.
 * Made user emails unique to prevent two users logging in with the same email, causing an error
diff --git a/src/nrc/conf/ci.py b/src/nrc/conf/ci.py
index 1420de8e..b79ead57 100644
--- a/src/nrc/conf/ci.py
+++ b/src/nrc/conf/ci.py
@@ -8,6 +8,8 @@
 os.environ.setdefault("SECRET_KEY", "dummy")
 os.environ.setdefault("ENVIRONMENT", "CI")
+os.environ.setdefault("DISABLE_2FA", "no")
+
 from .includes.base import * # noqa isort:skip
 CACHES = {
diff --git a/src/nrc/conf/dev.py b/src/nrc/conf/dev.py
index 061fef22..b9a46848 100644
--- a/src/nrc/conf/dev.py
+++ b/src/nrc/conf/dev.py
@@ -15,6 +15,8 @@
 os.environ.setdefault("DB_USER", "opennotificaties")
 os.environ.setdefault("DB_PASSWORD", "opennotificaties")
+os.environ.setdefault("DISABLE_2FA", "yes")
+
 from .includes.base import * # noqa isort:skip
 #
@@ -50,10 +52,6 @@
 INTERNAL_IPS = ("127.0.0.1",)
 DEBUG_TOOLBAR_CONFIG = {"INTERCEPT_REDIRECTS": False}
-# None of the authentication backends require two-factor authentication.
-if config("DISABLE_2FA", default=True): # pragma: no cover
- MAYKIN_2FA_ALLOW_MFA_BYPASS_BACKENDS = AUTHENTICATION_BACKENDS
-
 # in memory cache and django-axes don't get along.
 # https://django-axes.readthedocs.io/en/latest/configuration.html#known-configuration-problems
 CACHES = {
diff --git a/src/nrc/conf/includes/base.py b/src/nrc/conf/includes/base.py
index 48e2952a..d425efd1 100644
--- a/src/nrc/conf/includes/base.py
+++ b/src/nrc/conf/includes/base.py
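Review bot: In src/nrc/conf/dev.py, nothing visible in this diff reads `DISABLE_2FA` once the second hunk drops the `if config("DISABLE_2FA", default=True):` block, so the `os.environ.setdefault("DISABLE_2FA", "yes")` added in the first hunk depends entirely on the base settings imported after it (presumably open-api-framework) to act on the value. A comment on the new line would record that dependency, e.g. `# Read by the base settings imported below; dev-only default that switches 2FA off.` The consuming code also has to parse the strings "yes" and "no" as booleans, which cannot be confirmed from these hunks. A settings test that checks the effective 2FA configuration under the ci.py default of "no" would catch a silent mismatch.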
@@ -79,8 +79,6 @@
 # NOTE: We override this setting from open-api-framework, because removing
 # this would change the name to `nrc - admin`
 TWO_FACTOR_WEBAUTHN_RP_NAME = "Open Notificaties - admin"
-# add entries from AUTHENTICATION_BACKENDS that already enforce their own two-factor
-# auth, avoiding having some set up MFA again in the project.
 # RabbitMQ
 BROKER_URL = config("PUBLISH_BROKER_URL", "amqp://guest:guest@localhost:5672/%2F")
diff --git a/src/nrc/conf/production.py b/src/nrc/conf/production.py
index 88131454..b53d242b 100644
--- a/src/nrc/conf/production.py
+++ b/src/nrc/conf/production.py
@@ -8,6 +8,7 @@
 import os
 os.environ.setdefault("ENVIRONMENT", "production")
+os.environ.setdefault("DISABLE_2FA", "no")
 from .includes.base import * # noqa
diff --git a/src/nrc/conf/staging.py b/src/nrc/conf/staging.py
index 51e09c47..5acd8aaa 100644
--- a/src/nrc/conf/staging.py
+++ b/src/nrc/conf/staging.py
@@ -7,5 +7,6 @@
 import os
 os.environ.setdefault("ENVIRONMENT", "staging")
+os.environ.setdefault("DISABLE_2FA", "no")
 from .production import * # noqa
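Review bot: In src/nrc/conf/production.py the added `os.environ.setdefault("DISABLE_2FA", "no")` is only a fallback, so a `DISABLE_2FA` value already set in the deployment environment still switches two-factor authentication off in production. A comment above the line would make that explicit, e.g. `# Fallback only: an explicit DISABLE_2FA in the environment overrides this.` Nothing in the visible hunks reports the disabled state at startup; a Django system check that warns when 2FA is off outside dev would make it visible in deployment logs. The same line added to src/nrc/conf/staging.py is redundant, because staging imports `.production`, which already sets the default.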