It would be desirable to have a configurable option where when a user or someone else changes their authenticators, an email is sent to the user. That way the user can report this activity if they get an email about authenticator management actions that they did not perform.