@sumudu TOTP - time-based one-time password - is pretty great, as long as you don’t run into clock drift. That’s where one side thinks it’s now 12:03, the other thinks it’s 12:05, and codes are only good for say 30 seconds. Turns out most TOTP clients aren’t set up to let you answer “ok but what is the code as of this specific timestamp (vs just now), since that’s the time my server currently thinks it is?” (Learned that one the hard way when I almost locked myself out of my NAS.)