Hey guys. I am Yuriy. An engineer from FIDO Alliance. You probably heard about us. We are the organisation behind U2F protocol that Google reported killed employee phishing: https://krebsonsecurity.com/2018/07/google-security-keys-neutralized-employee-phishing.
Our organisation have developed secure, seamless, phishing proof, passwordless authentication standard called FIDO2. Or some people may call it WebAuthn. WebAuthn is the JS API part in the browsers of the FIDO2, and it is supported by Chrome, Edge and Firefox.
I was happy customer of yours for many years and I felt like you guys so great and innovative, that adding FIDO2 support to your multifactor authentication instead of TOTP would be a great idea, since TOTP is succeptable to phishing.
We have a tutorial https://slides.com/fidoalliance/jan-2018-fido-seminar-webauthn-tutorial
I wrote blog posts on attestation and assertion verification: https://medium.com/@herrjemand/verifying-fido2-responses-4691288c8770
We have a stories a good deployment stories: https://engineering.linecorp.com/en/blog/fido-at-line/
And we have a helpful and friendly community that will be able to help you if you stuck *)