We can enforce two-factor authentication but if that's not enforced it would be great if a user had the option of setting that up themselves.
