As a security conscious person I would love support for MFA using TOTP or hardware security keys. SMS is fundamentally insecure as of 2024 and should NOT be offered as an option.

Definitely don't require SMS. It's fine for non-technical people who don't want to bother with TOTP or passkeys, but it should absolutely be toggleable because it degrades the security of TOTP and passkeys.

https://www.issms2fasecure.com/

if doing so please add TOTP or just support passkeys I'm all in