Since Authy is now under fire, VRChat should now add support for Hardware Authentication Devices alongside the existing 2FA solutions available. If activated, prioritizes your Hardware Authentication Devices as the first authentication method, making 2FA being secondary.

Since you can add more than one Hardware Authentication Device, this should also be supported as well.

Background:

Hardware Authentication Devices are way more secure than 2FA as it uses the FIDO2 model. Even though Time-Based One-Time-Passwords are good enough, it leaves flexibility to other security keys off the table that do not support VRChat's current 2FA model.