Please, if you’re going to require multi-factor authentication, can you support proper soft tokens? I don’t want SMS or email, I just want to use the same kind of OTP I use with Google, Amazon, and dozens of other sites. I know you’re trying to support lowest common denominator capability with minimal config for end-users, but there are many reasons why someone would want this. Not least of all that SMS and emails show up as notifications across many of my devices that could potentially be seen by others, vs. a soft token that I re-auth on my local device and only I see. Thank you for your consideration.