Stop Allowing User Tokens to Bypass 2FA!
As the title says: Stop allowing user tokens to bypass 2FA in the hierarchy of authentication. It makes simple sense to make 2FA higher in this hierarchy. Tokens are only obtained through the console; a regular user isn't even able to log in using a token. Only through using one of the many selfbot libraries (just Google "selfbot library", and you'll see them on GitHub) can you use a user token to do anything with it. This would effectively fix the current MASSIVE issue of people getting their accounts stolen through links, which spreads like a virus and grows exponentially. Doing this would also discourage selfbots if implemented, because users would have to sacrifice their security to use them. The fact that this is your only protection for tokens is simply inexcusable: