Yes we need more powerful auth options but no we don’t want each service implementing its own sign-on and security code, we don’t want more user-visible complexity that’s specific to Jellyfin and works differently from our other self-hosted services. So…
Instead, help the whole self-hosting ecosystem by supporting standard external auth / SSO such as OIDC:
–> https://features.jellyfin.org/posts/230/support-for-oidc (support SSO / OIDC)
which can then provide all those great authentication options like 2FA.