Additional security

So when my discord was hacked, they had changed the email almost immediately while using the password they grabbed from the windows cache. Id like to suggest adding another layer in that to help prevent or at least make it harder for them to take more accounts. either using a cellphone code or authenticator code before the prompt to change the email. otherwise its just an open door when the token grab takes the account. I feel as if this would also lighten the load on support, giving them more time to assist in other requests and increase security while still utilizing a feature thats already built in.