Sorry if this is a duplicate topic and someone can link me elsewhere, but just how secure can the actual auth process get before network goes live?
All I have seen are user/password logins to the authenticator tool right?
I think we at least should offer 2FA and if even some form of option to enable 3FA built into the network login for user accounts by design. No matter how secure the data is traversing the network I think it is mission critical that a user who happens to have a screen capture tool or keylogger on an infected host that they could still likely not get in to that unfortunate individuals safe network account just from those two tools alone if the user has opted for some of the highest forms of SAFE Network security enabled.
My suggestion for the 3rd biometric level to be a form of facial recognition or retina scan or fingerprint read for devices enabled to do so(most laptops and phones can support this today).
Obviously its doable in today’s open source space: Face Recognition with Python, in Under 25 Lines of Code – Real Python , and although that is only facial detection in 25 lines of code, maybe a simple form of 3FA with basic analysis is feasible too(think eye color/skin tones/widths of ears/eyes/mouth 2 nose etc and a bunch of other combinations of ways you could evaluate it).
As seen with Apple’s face id a well crafted mold mask can beat the system but I certainly view it as a big +. And if someone took the time to honestly reconstruct a really good mask of my face and managed to beat my logins + 2FA Auth with like a TTL token generated securely with google authenticator etc. then they honestly deserved to get in lol as that was some dedication and lapses on my part 
.