[halotrope]

When setting up the token you can scan the QR with multiple devices. E.g YubiKey and Authenticator App. This at least allows for a backup in case one goes missing. I agree it is kind of incredible that multiple tokens are not supported.

[Sebb767]

You actually can't mix hardware tokens and OTP apps. You're only option is to scan the code twice and skip hardware tokens entirely (which is quite reasonable, as the recovery for an app would be easier than for a failed/lost hardware token).

Note, though, that the new SSO login actually supports MFA in a normal way.

[aborsy]

You create several users with admin privileges each with separate MFA.

[nefitty]

Don't token limits reduce attack surface?