Merlin should have a 2 or multi factor authentication

Preferably a authenticator app since they are less vulnerable then Gmail or phone number verification methods

Or potentially have the option to support hardware keys

The problem is that since Merlin is now having more and more access to other things such as Gmail or notion where it can become a vulnerability if Merlin doesn't end up supporting muti Factor auth or second step authentication