Not having some method of 2FA is a major issue and I will not be able to roll this out to most of my customers without it - Also is the knowledge base information or data uploaded like .pdfs encrypted at rest? If it is not, it is an immediate HIPPA violation to use even with 2FA?