Introduce a more secure way to access the Admin, as this could sometimes be critical.
This should work as an option per user and not system-wide. For example, Admin accounts use two-step verification, whereas moderators log in normally.
Two-step verification can be achieved though:
after logging in with a password a verification code is sent as a text message,
after logging in with a password a verification code is sent to an app we build,
QR or similar codes are used to identify a unique device owned by the account holder (e.g. personal smartphone). Pins or passwords can be used together with the QR code.
Introduce a more secure way to access the Admin, as this could sometimes be critical.
This should work as an option per user and not system-wide. For example, Admin accounts use two-step verification, whereas moderators log in normally.
Two-step verification can be achieved though:
Two leading two-step verification methods used by Google and Verizon: http://www.verizonenterprise.com/news/2014/08/security-qr-code-encryption-login http://www.google.com/landing/2step/