Creates a one-time MFA challenge code for the specified user. Supported verification methods include SMS, email, TOTP, and push, among others. The challenge is used as a secondary authentication step before login or before sensitive operations. Reference: NIST SP 800-63B §5.1.7 (Verifier Impersonation Resistance), OWASP ASVS V2.8.
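A sketch of how a one-time challenge of this kind can be issued and checked, added here as an example and not taken from the API this page describes. It is narrowed to server-generated codes delivered by SMS or email; the function names, the 300-second lifetime, the five-attempt limit and the in-memory store are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

CHALLENGE_TTL = 300   # assumed lifetime of a challenge, in seconds
MAX_ATTEMPTS = 5      # assumed number of guesses allowed per challenge
_store = {}           # challenge_id -> record; stand-in for a real datastore


def _digest(challenge_id, code):
    # Only a hash of the code is stored, bound to its challenge id.
    return hashlib.sha256(f"{challenge_id}:{code}".encode()).hexdigest()


def create_challenge(user_id, method, now=None):
    """Issue a challenge; the returned code is sent to the user out of band."""
    if method not in ("sms", "email"):
        # TOTP and push do not use a server-generated code; out of scope here.
        raise ValueError("this sketch covers sms and email only")
    now = time.time() if now is None else now
    challenge_id = secrets.token_urlsafe(16)
    code = f"{secrets.randbelow(10**6):06d}"   # CSPRNG, 6 digits
    _store[challenge_id] = {
        "user": user_id,
        "hash": _digest(challenge_id, code),
        "expires": now + CHALLENGE_TTL,
        "attempts": 0,
    }
    return challenge_id, code


def verify_challenge(challenge_id, user_id, code, now=None):
    """Return True once for the right code; expired or exhausted challenges fail."""
    now = time.time() if now is None else now
    rec = _store.get(challenge_id)
    if rec is None or rec["user"] != user_id:
        return False
    if now > rec["expires"] or rec["attempts"] >= MAX_ATTEMPTS:
        _store.pop(challenge_id, None)   # dead challenge: remove it
        return False
    rec["attempts"] += 1
    if hmac.compare_digest(rec["hash"], _digest(challenge_id, code)):
        del _store[challenge_id]         # single use: a replay finds nothing
        return True
    return False
```

The `now` parameter exists only so that expiry can be exercised deterministically; production callers would omit it.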