2FA

[midget3111]

I think in this day and age, 2FA should be the default. Either via email, SMS or authenticator app. Last one will be easier I imagine.

[trigg]

The first two are major headaches to set up for administrators. Auth App is absolutely possible, and we already have a QR generator dependency so just a case of adding an extra field to each user, changing the login process....