Hi, So currently, if people have 2FA enabled for their email, it will send a 6 random digits to your email. I've had a case where someone was able to bruteforce himself into an account with only using an email and password. I think a simple change like adding letters could improve 2FA a lot as bruteforcers would have more combinations to go through. They wouldn't be able to do this as the code would expire by the time they even go through a fraction of the possibilities. Thanks!