The more users using a Two Factor Authentication methods available, the safer we all are. Today PyPI offers both Time-based One-Time Passwords (TOTP) and WebAuthn.

This seems fine; these are open standards and there is widespread free software support for them. It’s easy enough to add TOTP support to your password manager if you don’t want to deal with a smartphone app.