I would like to request you to support two-factory authentication. Specifically, the yubikey device. This request is similar but not equal to
The yubikey is a very nice, easy to use, affordable and secure OTP system that will allow you to easily integrate it into your own system.
They have many ways to integrate, but in your case using the Web API is probably easiest. They (Yubico) already provide code to make things easier.
Disclaimer: I'm not involved in anyway with Yubico.