AVOID whenever possible sms-based 2fa. Use totp codes.
SMS makes your phone a single point of failure [1].
I currently use the OTP feature of keepassxc, so that I can still generate otp code but can have those codes replicated on my trusted devices. You can save the seed of the TOTP and re-install the otp on other devices too.
[1] plus you should really try and depend as little as possible on your smartphones. smartphones are the leash of the third millennium. the less you are dependant on it, the free-er you are.
No idea why nobody is acting on it - maybe nobody else has thought of it yet. While the idea of there being attenuated strains out there is nothing radical, the idea of using them is.
Please everyone if you know someone you think might be able to help make this happen then spread the word. You are even welcome to steal the idea and claim it is your own :)
Have you considered sending this as a letter to a medical journal? I know it's not a "scientific article" per se, but many journals have a section dedicated to letters. For example, CMAJ (Canadian Medical Association Journal) considers such letters, and right now they're fast-tracking anything COVID-related: https://www.cmaj.ca/
I remember asking them every month years back their hand over to Atlassian - to create / enable backup codes functoonality.
Several months ago after changing countries and phones I discovered that my backup codes didn't work.
Their "support" offered me a "solution" - to delete all my boards associated with my email so that I could create fresh ones.
Zero apologies, zero explanation as of why my perfectly double-backed up 2FA codes were not working, all blames on me the user.
There were sensitive details for approx 16 projects collected daily over the span of 5 years.
That SSO 2FA is flawed the same way across all Atlassian products.
Never again would I trust my data to Atlassian.
WeKan is open source and welcome.