Today I have added the ability to enable two-factor authentication for your account.
What this means is that when you login, it will prompt you for a time sensitive one-time passcode which you will generate from a paired app on your phone. You can then also save your device as a trusted device (if that is enabled) to bypass two-factor for that device.
This will allow you to better secure your accounts. Currently only the Web interface login requires the Two-Factor auth, this will not affect logging into mail or git. As you cannot change any of your account info unless you go through the web interface (password, etc), I think this is alright for now.
To enable it, login, go to your settings, click the Security tab, and turn on Two-Factor Authentication. Once you click Save, you will be prompted with the secret key to use on your Authenticator app. You can use any app that utilizes the timed base one-time passcodes (Google Authenticator, etc). Once you have added it to your app, you can verify it is correct on that form. You can always go back to your settings and click the Set Up Authenticator link below the setting to bring up the secret key and verification section again.
Every time you disable/enable the setting, a new key is generated, so make sure you update your Authenticator App with the new key before you logout.
If you have any issues with this new feature, or have suggestions, feel free to shoot us a message.