Users confirm their e-mail when logging in. It is necessary to take this one step further. We must integrate the QR code security system such as Google Auth into the page using a short code. And we should leave this to the user's choice. When the user logs in, he will log in with his e-mail code, and if he turns on QR code security such as Google Auth in the future, he will log in more securely by entering the 2FA QR code after entering the e-mail code. In other words, you will enter the code given by your phone for both e-mail and QR code at the same time, like googleauth.I think something like this is really necessary.