Enable TOTP 2FA authentication in addition to email

Request to add TOTP 2FA authentication method, and allow users to choose this instead of email.

https://en.wikipedia.org/wiki/Time-based_one-time_password

RFC 6238 based TOTP apps are plentiful and common, such as Google Authenticator, Microsoft Authenticator, and most Password Keepers like BitWarden as examples.

Also worth a look are PassKeys

https://www.descope.com/blog/post/developer-guide-passkeys

https://learn.microsoft.com/en-us/windows/apps/develop/security/implement

https://passkeys.dev/docs/tools-libraries/libraries/

Both of these authentication methods are more secure than Email based, and more convenient.