Consider adding, next to password + 2FA login, a way to log in with a passkey saved on the system. The benefit would be easier and faster access to the panel without having to access the 2FA device. This should not compromise security compared to a regular password + 2FA login method.
That's a good suggestion. In the meantime Pocket ID https://pocket-id.org/ is a pretty solid passkey gateway.