Hello guys! Just a question that popped out of my mind. If hackers usually target email/passwords that would grant them access to a specific service, why not use email + a short-lived credential like a OTP (e.g., the ones generated by an authenticator app)? Wouldn't that be far more secure since the window of attack is considerably reduced? I know that probably that would suck from a usability point of view.