feature request: Enforce "Log out all others sessions" & OTP recovery codes

[I2rys]

What do you want to see?

I recommend to add an auth everytime you want to "Log out all others sessions" because If an account got compromised the attacker can make a script that automatically "Log out all others sessions" making the owner unable to login in the account & better If you can limit further. For the OTP recovery codes just rate limit it further to render bruteforce useless.