One time passwords raise the bar, but as services like this become more and more common its clear that we have to move to WebAuthN/FIDO2. You might not think you’re a target but often the value is in the number of breached accounts not the individual account.

Mastodon