add support for two-factor / otp auth
add support for apps like google authenticator, use pyotp, oath or just some builtin code.
maybe needs some additional code to generate qr code for the shared secret, e.g.:
see also the passlib issue about this:
Note: while not strictly required, it is useful to have a device that can scan a qrcode for this task. otherwise you have to somehow otherwise share the secret.