WordPress / wporg-two-factor

2FA for WordPress.org accounts

Add ability to choose the default provider. #249

Open StevenDufresne opened 12 months ago

StevenDufresne commented 12 months ago

If a user has registered (and enabled) 2fa security keys, they will be used as the primary provider. Let's consider adding the ability to change that default.

Current Design
[Two screenshots of the current 2FA login design, taken 2023-09-15 at 2:50 PM and 2:51 PM]
dd32 commented 3 weeks ago

What if the default wasn't a specific provider, but rather, the last-used provider?

StevenDufresne commented 3 weeks ago

Sometimes I need to use TOTP because I'm on a device that doesn't have my security key. When I return to my preferred device, I wouldn't want to be back to using TOTP.

dd32 commented 3 weeks ago

> Sometimes I need to use TOTP because I'm on a device that doesn't have my security key.

That's fair; I wonder if we could remember the last provider used per client then, long-lived session-agnostic cookie?

Additional factor I'd like to add to this conversation: at present, only 30% of users have both TOTP and Security Keys enabled.

StevenDufresne commented 3 weeks ago

If that's the case, it's probably fine to assume security keys as the primary and do nothing here?

dd32 commented 3 weeks ago

With the 30% number, yeah, I think it can be skipped for now, or at least left on a Low-priority maybe list.

If it was higher, over 50% (as a random number..) then I think it'd make sense that maybe we'd want to offer further options here.
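The two ideas in the thread (security keys as the fixed default, and dd32's per-client "last used" cookie) combined into one selection routine, as an added example that is not wporg-two-factor code. The cookie name and the provider keys (`webauthn`, `totp`, `backup_codes`) are assumed; the cookie only steers which already-enabled provider is offered first and never acts as a factor itself.

```php
<?php
// Added example, not part of the wporg-two-factor project. Provider keys and the
// cookie name are assumptions for illustration.

const LAST_PROVIDER_COOKIE = 'wporg_2fa_last_provider';            // assumed name
const PROVIDER_PREFERENCE  = [ 'webauthn', 'totp', 'backup_codes' ]; // assumed keys, keys first

/**
 * Decide which enabled provider the login screen should show first.
 *
 * @param string[]    $enabled  Providers the user has enabled, e.g. ['totp', 'webauthn'].
 * @param string|null $lastUsed Value of the per-client cookie, or null when absent.
 * @return string|null          Provider key to offer first, or null if nothing is enabled.
 */
function choose_default_provider( array $enabled, ?string $lastUsed ): ?string {
    // Honour the cookie only when it names a provider this user actually enabled.
    // A tampered, stale or foreign value is simply ignored; it can never enable a provider.
    if ( $lastUsed !== null && in_array( $lastUsed, $enabled, true ) ) {
        return $lastUsed;
    }
    // Otherwise fall back to the fixed order: security keys stay the primary provider.
    foreach ( PROVIDER_PREFERENCE as $candidate ) {
        if ( in_array( $candidate, $enabled, true ) ) {
            return $candidate;
        }
    }
    return $enabled[0] ?? null;
}

/** After a successful 2FA step, remember the provider used on this client only. */
function remember_last_provider( string $provider ): void {
    setcookie( LAST_PROVIDER_COOKIE, $provider, [
        'expires'  => time() + 365 * 86400, // long-lived and independent of the login session
        'path'     => '/',
        'secure'   => true,   // never sent over plain HTTP
        'httponly' => true,   // not readable by page scripts
        'samesite' => 'Lax',
    ] );
}

// Scenario from the thread: a user with both providers logs in with TOTP on a
// device that lacks the security key, then later returns to the usual device.
$enabled = [ 'totp', 'webauthn' ];
$onTotpDevice   = choose_default_provider( $enabled, $_COOKIE[ LAST_PROVIDER_COOKIE ] ?? 'totp' );
$onUsualDevice  = choose_default_provider( $enabled, null ); // no cookie here, so the preference order applies
$withBadCookie  = choose_default_provider( $enabled, 'email' ); // not enabled for this user, so ignored
```

Each device keeps its own cookie, so using TOTP on a laptop without the key does not change what the primary device offers first, which addresses the concern StevenDufresne raised about a global "last used" default.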