docs: Move enable-by-default config step up

zmstone · zmstone · commit f018d78c974b · 2025-04-30T13:53:23.000+02:00
diff --git a/en_US/multi-factor-authn/multi-factor-authentication.md b/en_US/multi-factor-authn/multi-factor-authentication.md
@@ -25,6 +25,16 @@ The goal of MFA is to ensure that even if someone obtains your password, they ca
 
 MFA is disabled by default. To enable MFA for users, the administrator must configure the system to support MFA and set it up for individual users. Only users with [administrator privileges](../dashboard/system.md#users) can enable or disable MFA for other users.
 
+### Enable MFA by Default for the Dashboard
+
+To enable MFA for all Dashboard users by default, the administrator needs to configure the `dashboard.default_mfa` setting in the configuration file. This can be set to either `none` (to disable MFA) or `{mechanism: totp}` (to enable TOTP-based MFA).
+
+Example configuration:
+
+```bash
+dashboard.default_mfa = {mechanism: totp}
+```
+
 ### Enable MFA for Users via EMQX Dashboard
 
  Administrators can enable MFA directly from the Dashboard by following these steps:
@@ -59,16 +69,6 @@ For more information on the role-based access control implementation of the REST
 
 :::
 
-#### Enable MFA for the Dashboard
-
-To enable MFA for the entire Dashboard, the administrator needs to configure the `dashboard.default_mfa` setting in the configuration file. This can be set to either `none` (to disable MFA) or `{mechanism: totp}` (to enable TOTP-based MFA).
-
-Example configuration:
-
-```bash
-dashboard.default_mfa = {mechanism: totp}
-```
-
 #### Enable MFA for a Specific User
 
 To enable MFA for a specific user, the administrator can send a `POST` request to the `/users/{username}/mfa` API endpoint with the following request body:
@@ -115,4 +115,4 @@ After you've completed the initial setup, you can use the authenticator app to l
 3. **Successful Login**:
    If the code is valid, you will be logged into the Dashboard.
 4. **Invalid Code**:
-   If the code is incorrect or expired, you will see an error message. In this case, you can try entering the current code from your authenticator app.
+   If the code is incorrect or expired, you will see an error message. In this case, you can try entering the current code from your authenticator app.
diff --git a/zh_CN/multi-factor-authn/multi-factor-authentication.md b/zh_CN/multi-factor-authn/multi-factor-authentication.md
@@ -25,6 +25,16 @@ MFA 的目标是确保即使有人获得了您的密码，也无法登录您的
 
 MFA 默认为禁用状态。要为用户启用 MFA，管理员必须配置系统以支持 MFA，并为各个用户设置它。只有具有[管理员权限](../dashboard/system.md#用户)的用户才能为其他用户启用或禁用 MFA。
 
+### 默认启用 MFA
+
+要为 Dashboard 所有的用户默认开启 MFA，管理员需要在配置文件中配置 `dashboard.default_mfa` 设置。该设置可以设置为 `none`（禁用 MFA）或 `{mechanism: totp}`（启用基于 TOTP 的 MFA）。
+
+示例配置：
+
+```bash
+dashboard.default_mfa = {mechanism: totp}
+```
+
 ### 通过 EMQX Dashboard 启用 MFA
 
 管理员可以直接通过 Dashboard 启用 MFA，步骤如下：
@@ -59,16 +69,6 @@ MFA 默认为禁用状态。要为用户启用 MFA，管理员必须配置系统
 
 :::
 
-#### 启用整个 Dashboard 的 MFA
-
-要为整个 Dashboard 启用 MFA，管理员需要在配置文件中配置 `dashboard.default_mfa` 设置。该设置可以设置为 `none`（禁用 MFA）或 `{mechanism: totp}`（启用基于 TOTP 的 MFA）。
-
-示例配置：
-
-```bash
-dashboard.default_mfa = {mechanism: totp}
-```
-
 #### 启用特定用户的 MFA
 
 要为特定用户启用 MFA，管理员可以向 `/users/{username}/mfa` API 端点发送 POST 请求，请求体如下：
@@ -108,4 +108,4 @@ dashboard.default_mfa = {mechanism: totp}
 1. **输入您的用户名和密码**： 在后续的登录尝试中，输入您的用户名和密码。
 2. **输入 TOTP 代码**： 验证密码后，系统会提示您输入由身份验证应用程序生成的 TOTP 代码。
 3. **成功登录**： 如果验证码有效，您将成功登录 Dashboard。
-4. **验证码无效**： 如果验证码错误或过期，您将看到一条错误消息。在这种情况下，您可以尝试重新输入当前身份验证应用程序中的验证码。
+4. **验证码无效**： 如果验证码错误或过期，您将看到一条错误消息。在这种情况下，您可以尝试重新输入当前身份验证应用程序中的验证码。
