local is ambiguous in requiring two 2FA (#34298)

* local is ambiguous in requiring two 2FA

* Update aspnetcore/security/authentication/identity-enable-qrcodes.md

* Update aspnetcore/security/authentication/identity-enable-qrcodes.md

* Update aspnetcore/security/authentication/identity-enable-qrcodes.md

Co-authored-by: Luke Latham <[email protected]>

---------

Co-authored-by: Luke Latham <[email protected]>

Author: Rick-Anderson

aspnetcore/security/authentication/identity-enable-qrcodes.md

@@ -27,7 +27,7 @@ The ASP.NET Core web app templates support authenticators but don't provide supp
 
 :::moniker-end
 
-Two-factor authentication does not happen using an external authentication provider, such as [Google](xref:security/authentication/google-logins) or [Facebook](xref:security/authentication/facebook-logins). External logins are protected by whatever mechanism the external login provider provides. Consider, for example, the [Microsoft](xref:security/authentication/microsoft-logins) authentication provider requires a hardware key or another 2FA approach. If the default templates enforced "local" 2FA then users would be required to satisfy two 2FA approaches, which is not a commonly used scenario.
+Two-factor authentication does not happen using an external authentication provider, such as [Google](xref:security/authentication/google-logins) or [Facebook](xref:security/authentication/facebook-logins). External logins are protected by whatever mechanism the external login provider provides. Consider, for example, the [Microsoft](xref:security/authentication/microsoft-logins) authentication provider requires a hardware key or another 2FA approach. If the default templates required 2FA for both the web app and the external authentication provider, then users would be required to satisfy two 2FA approaches. Requiring two 2FA approaches deviates from established security practices, which typically rely on a single, strong 2FA method for authentication.
 
 ## Adding QR codes to the 2FA configuration page