making nostr or lightning based auth for login is the most important i think

email notifications are of little value, but nostr based notifications are kinda useful but i don't think there is any model for how to do that properly either so...

email as 2fa is fine, and as an account ID is fine