The question may be "too broad" or "impure", but I will try to ask for advice.
We are thinking about enabling 2FA with Google Authenficator for all our services.
But the only concern for me now is that users will have to have a dedicated Authenticator account for each service, say:
Maybe there is a better approach?
Something like using a self-powered TOTP service … Although this I suppose will also require having an SSO enabled among all the accounts, but the SSO is beyond the scope of the current tasks.