Add to that list: hardware-based 2FA. Based on past tweets from jgrahamc, I believe CloudFlare requires all their employees to use hardware U2F tokens for critical things like Google services and has for awhile, yet they still don't support those on their own dashboard.
