[bachmeier]

> we require people to create app passwords

I like that, because it at least feels more secure to have a password that can only be used once, combined with the ability to go into the settings and shut off any device if it gets lost.

[brongondwana]

Yeah, it's by far the best of the options that use standard username/password authentication support. Basically make the password be another server-provided factor rather than user-chosen.