I’m certainly not! But I wouldn’t rule out (the availability of) significantly shorter timed upload tokens (e.g. 1-30 days) that require MFA to generate. That way a leaked token is far less damaging than a 12 month, all access one.
Perfect! These are what I was hoping to find, and apparently totally blanked on using “2FA” as a search term rather than MFA 