Except for the really big one, which is strong MFA provided by the identity provider even when the site doesn't support it natively.