To align with industry best practices and enhance cybersecurity around your application — both online and mobile — I would recommend the implementation of a secure passkey system or allow for a stronger two-factor authentication method/system. This recommendation, of course, stands in contrast to your current email protocol.

Please know that I advance this recommendation both as a paid user, but more importantly, as a concerned consumer of your product. Since — as previously stated — the single-method two-factor authentication via a temporary email passcode (currently in use) is rather antediluvian when juxtaposed to its viable alternatives.