The entire 2FA setup should be entirely redundant, but needs a complete rundown of systematic tests:
- What happens if a complete auth server is down, are there any problematic timeouts
- What happens if one of the yubikey-val servers is down
- What happens if an HSM is locked or otherwise broken