You'd think they would just use the same 2FA methods that are popular for logging in. 'We sent a notification, click accept on it to continue' or 'read the 6 digit authenticator code' would be re-useable for their web login and there are a ton of libraries and info that make it easy to implement.
No comments yet.