I would really like to see a way to setup 2FA via a Hardware Key (like the Yubikey or similar). I would really like it if there was a way to not only make it a requirement for logging in, but potentially make it a requirement for specific applications, so you can make very sensitive applications (for example, ones that handle userdata) require the hardware key, while less sensitive applications don’t require it.
If you implement this, please make sure that there is a way to setup a backup code in case you loose the Yubikey so you can still access the service. Most services do like a 10+ word passphrase you can write down/print.
P.S. This could also be something to implement in normal CloudFlare logins since DNS is important too!