Ted
I think the solution is even simpler than that, generate the passwords for the users.
You don’t have credential stuffing attacks to worry about anymore. Log in is fast and easy. It’s far easier to implement than any 2FA. It’s more effective than SMS 2FA. Every web browser stores and fills passwords and works on all devices. If you don’t trust browsers you can use pen and paper where most 2FA require expensive solutions like a phone or hardware token. This article talks more about this here https://passwordbits.com/do…