While this is convenient for debugging, it is probably a giant trap that newbies could fall into.
|mediawiki/extensions/OATHAuth||master||+18 -0||Don't allow scratch tokens when enrolling for 2 auth.|
Reedy suggests we might want a separate UI error for this situation:
How about: "You cannot use a scratch code to confirm two-factor authentication. Scratch codes are for backup and incidental use only. Please use a verification code from your code generator."
Better ideas are welcomed.