See PHI1599, which reports this:
- An install has no MFA configured.
- An administrator renamed a user.
- The renaming story was badged as "MFA", even though they didn't enter MFA (they didn't have to, since no MFA was configured).
This is minor but incorrect; the story should not be badged if the user did not actually enter MFA, even if the action would have required MFA if MFA was configured.