I would suggest adding an options for two factor authentication (can be forced by the community manager). It is simply too insecure to only use username and password.
Hi Johnny, thanks for posting. Great feedback! We will track this as a feature request.