I really like the idea behind two-factor-auth.
you need two things to successfully login:
- something only you know (a password)
- something you own (like a key or a mobile)
I recently bought a Yubikey and I was able to easily set up U2F / OTP for:
- self-hosted gitlab
- google account
here's a list of enabled services/solutions