Would it be possible to add a HTTPS 2-factor authentication? for example: A user has their Username and Password and log in to their account, when they log in they could be presented with a second log in page for the second factor. upon initial log in an email could be generated to the users registered email with a random password or code. The user will then have to use that code from the email to fully gain access to their account. Thus creating two factor, and a secure log in for that user.
The above is just an example but an easy to use 2-factor authentication would be a great option for the MFT.
