Improve account security with a second factor
Pleroma accounts can't be hardened with a second factor.
Supporting FIDO2 would be a great move; it's the only second factor that is proof against MITM.
TOTP is a good alternative without dedicated security hardware.
Once a second factor is activated, a factor can only be added or removed with a second factor validation. Example:
1. add TOTP factor
2. confirm with TOTP
3. add FIDO2 factor
4. remove TOTP factor
5. confirm action with FIDO
The only trap to avoid is to be unable to add or remove a factor because there's only one and it's lost.
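
A small model of the rule and the five-step example above, added here as an illustration and not Pleroma code. The `Account` class and its method names are hypothetical, the FIDO2 verifier is a constant-comparison stand-in rather than WebAuthn, and step 3 is confirmed with TOTP as the stated rule requires.

```python
import hashlib, hmac, struct

def totp(secret: bytes, t: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time t."""
    mac = hmac.new(secret, struct.pack(">Q", t // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation offset (RFC 4226)
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    """Hypothetical model: `factors` maps a factor name to a proof verifier."""
    def __init__(self):
        self.factors = {}

    def _authorize(self, using, proof):
        # With no factor enrolled yet there is nothing to validate against.
        if self.factors and not (using in self.factors and self.factors[using](proof)):
            raise PermissionError("second factor validation required")

    def add(self, name, verifier, enrol_proof, using=None, proof=None):
        self._authorize(using, proof)
        if not verifier(enrol_proof):  # the new factor must work before it counts
            raise ValueError("new factor failed its enrolment check")
        self.factors[name] = verifier

    def remove(self, name, using, proof):
        self._authorize(using, proof)
        del self.factors[name]

    def can_change_factors(self, available):
        """False is the trap: factors are enrolled but the user holds none of them."""
        return not self.factors or any(n in self.factors for n in available)

# Constructed sample values: RFC 6238 test secret, fixed clock, fake FIDO2 assertion.
SECRET, NOW = b"12345678901234567890", 59
check_totp = lambda code: hmac.compare_digest(code or "", totp(SECRET, NOW))
check_fido = lambda a: hmac.compare_digest(a or "", "constructed-assertion")  # not WebAuthn

def walkthrough():
    acct, code = Account(), totp(SECRET, NOW)
    acct.add("totp", check_totp, enrol_proof=code)                     # steps 1-2
    acct.add("fido2", check_fido, enrol_proof="constructed-assertion",
             using="totp", proof=code)                                 # step 3
    acct.remove("totp", using="fido2", proof="constructed-assertion")  # steps 4-5
    return acct
```

After `walkthrough()` only the FIDO2 factor remains, so `can_change_factors(set())` returns `False`: with that one factor lost, no add or remove can be confirmed.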