@neauoire @ratfactor I really don't like 2 or MFA mechanisms, but the one on GitHub actually works fine. I shall never put an sms forced required in any place, but I can have both a TOTP 2FA and a yubikey and can use either one that is available. If I don't have the yubikey around or have lost it I can still do things. And the TOTP codes are easy to backup, just put in the normal place where passwords are saved or in a dedicated app like Aegis.