When the user tries to login, we check the the IP address. If it's different from last time or unknown, we use the 2FA. I'm not sure if this is the right process but it seems many websites are doing this or sending you a notification when you login from a different location or device.