Multifactor authentication has become standard in security-criticial authorization systems. It should be noted that even most MFA, even for banks, has relaxed security -- OTP can be phished and SMS can be sim-swapped. For optimal security, we developed a convenient email-based MFA architecture that resists phishing while preserving cross-browser compatibility unlike traditional email magic links and OTPs. More details will be published later.