I enabled 2 factor authentication on CaVirtex the other day (because the browser token scheme you have consistently failed to work across multiple browsers, requiring me to log in twice every session, which was a nuisance). I tried to log in this afternoon and after correctly entering username, password and the Authentication code, surprise, surprise, I get: "User authentication failed" on the second screen.
I tried a couple more times with the same result. I don't want to try any more times due to the ugly "10 invalid password attempts will DISABLE your account and require our admin team to manually investigate and re-activate." message that shows up at the login screen.
After this I tried the alternate option of using the "Backup codes" selection, however the textbox only lets me type 8 characters. The backup code that I carefully wrote down from your 2FA setup screen was 16 characters long. When I enter the first 8 characters of my backup code I get an error message "Enter a whole number."
Obviously the validation routine for checking the "Mobile app" data entry is kicking in for the "Backup codes" data entry. Furthermore, it's obvious your programmer didn't even try it once before implementing this on your LIVE website.
I hope you guys aren't paying too much for your "development" team. I don't think you are getting your money's worth.
You need to do some proper system testing and fix your broken website.