diff --git a/epic-games.js b/epic-games.js
index 4f40525..c52095e 100644
--- a/epic-games.js
+++ b/epic-games.js
@@ -86,6 +86,7 @@ try {
       // handle MFA, but don't await it
       page.waitForNavigation({ url: '**/id/login/mfa**'}).then(async () => {
         console.log('Enter the security code to continue - This appears to be a new device, browser or location. A security code has been sent to your email address at ...');
+        // TODO locator for text (email or app?)
         const otp = cfg.eg_otpkey && authenticator.generate(cfg.eg_otpkey) || await prompt({type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!'}); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
         await page.type('input[name="code-input-0"]', otp.toString());
         await page.click('button[type="submit"]');