If I’m rolling out MFA to users, should I provide TOTP, SMS or both?
My site’s users currently do not have any MFA options, but we’re planning to release this feature in the near future. We’ve already built support for TOTP and have it working internally, but some on my team think that it won’t be very user…