OpenHumans / open-humans

Powering openhumans.org
https://www.openhumans.org/
MIT License

Support for Two-Factor Authentication #1089

Open TebbeUbben opened 4 years ago

TebbeUbben commented 4 years ago

Since Open Humans is dealing with very sensitive data, you should evaluate adding support for two-factor authentication to better protect the users' data. There is a variety of options available to realize this, not limited to:

2FA should be required for accounts with very strong security concerns such as admins and project leaders.

madprime commented 4 years ago

I think it would be good to have this. There are some accounts (admin & project leaders) where ensuring the account control isn't breached is far more important than for "average users".

Since we're already using django-allauth for password & social logins, I guess the first thing to do will be to look into https://github.com/percipient/django-allauth-2fa