Using this plugin but there is one thing that is lacking that should be incorporated: There should be a possibility to receive a verification link via SMS whenever they login the same way it works when they register. This way, when an attacker even gets their password and tries to login, they will still have to receive a verification link/code via SMS on their phone number.

Please, what do you think?

@Smithtech
Better to use 2-factor auth plugin:
https://osclasspoint.com/osclass-plugins/protection-and-spam/two-factor-authentication-plugin-i184

Osclass itself does not recognize what you propose.