I am creating this discussion in regard to the 2FA authentication I found in the Adobe HELPX page.  - Setting up two-factor authentication for Adobe Experience Manager
Just so you know, we are using your module for AEM 6.1 for our client’s 2FA requirement.
The module seems to work fine, except that we are "intermittently" experiencing that the login page throws a 403 error - after a user submits correct credentials. What happens is, it shows a 403 error page instead immediately after the user clicks "Sign-in" button, not redirecting users to /libs/cq/core/content/welcome.html subsequently. Strangely, when we type the aforementioned link on the browser manually, e.g. https://author.local/libs/cq/core/content/welcome.html, the user gets no issue accessing the welcome page. This implies that the login process was actually successful, but there is an issue with the redirection.
FYI, we found an warning message in the logs when it occurred:
*WARN* [qtp933178697-315] org.apache.sling.auth.core.impl.SlingAuthenticator handleSecurity: AuthenticationHandler did not block request; access denied  
We also noticed that this occurs in all browsers - not limited to a particular browser.
We wonder if anyone also encounters the same error. We’d really appreciate it if you could share or advise us of possible solutions for this.
WHen this article was written (which was submitted from one of our super users) a while back, we tested it. I do not recall seeing the situation that you are describing. I will look at this again in AEM 6.1 and see if i can reproduce your issue.