Actual core features of my project aside, I have been building a tool for service-based businesses and freelancers for few months that is now nearing beta test release. I added multi-region database and its routing, full MFA with authenticator + email OTP fallback to lock out critical/sensitive features, google auth, passwordless sign in/up, and the traditional email and password.
Looking at the system architecture, are the features mentioned a bit of an over engineering for something that isn't released yet?