A clickable multi-factor authentication link, valid for 20 minutes, is sent to users via email to verify identify upon log in.
Session 2: from 10/9/2021 onwards