Should have been done a LONG time ago. TOTP with a an authenticator app or password manager, and/or a passkey. Though knowing AAG we're gonna get text message or email based MFA, which I suppose is better than nothing.

Hyatt has had passkey support for a couple years now and it's been great. It gives me significant peace of mind.