I’m new to Nextcloud and have a question on something that seems a bit odd. I see that I can enable U2F on Nextcloud which is awesome. But then I notice I don’t need it to log into the RainLoop front-end. Is this by-design? It seems that although U2F is only possible on Nextcloud then it’s rendered somewhat pointless if your only option for logging directly into webmail is TOTP log since it presents a broader attack vector. Am I incorrect in my line of thinking? Thanks!