Add Username + Password + 2FA (OTP) Login Option

Title: Add Username + Password + 2FA (OTP) Login Option

Description:
Please add a traditional authentication option using username/email + password, with an optional or enforced second factor (OTP / TOTP), alongside the existing magic-link login.

Reasons:

1. Usability

   • Password managers (1Password, Bitwarden, etc.) work best with username/password flows, enabling faster and more reliable logins.

   • Magic links are slower and error-prone in day-to-day use (email delays, mobile/desktop context switching, expired links).

   • Users expect a standard login flow, especially for frequent access.

2. Security

   • Username/password + 2FA (TOTP or OTP) is a well-understood and auditable security model.

   • Reduces reliance on email security alone (email compromise = account compromise with magic links).

   • Enables stronger controls such as enforced 2FA, step-up authentication, and conditional access.

3. Compliance / Enterprise Requirements

   • Many security standards and customer security questionnaires (SOC 2, ISO 27001, internal IT policies) explicitly expect:

     • Password-based authentication

     • Multi-factor authentication

   • Some enterprises do not accept passwordless-only auth for internal tools.

4. Technical / Operational

   • Enables compatibility with SSO-like flows, account recovery, and admin-enforced security policies.

   • Allows gradual rollout: magic link can remain as an option, but not the only one.

Suggested Implementation

• Login options:

  • Email/Username + Password

  • OTP/TOTP as second factor (Google Authenticator, Authy, etc.)

  • Optional fallback: magic link

This would significantly improve Supademo’s usability, security posture, and enterprise readiness.