Password + TOTP from your authenticator (secret provisioned via bootstrap script).
Key:
Client enters this key + 6-digit code from Authenticator in the desktop app.
