I am no coder, the only point I would be cautious of is #4, prefer direct login with keys would possibly be easier to control.

NOthing is perfect, but if we learn what works for humans and what doesn't, then we can be smarter about what to build in the future.

Hopefully a consensus will be reached one way or another for all members.