I am evaluating methods to add extra login security to the site. First and foremost, the site is secured 100% with an SSL certificate, which encrypts content between the server and your computer. This scrambles the password you enter while it is in transmission to the site, which helps prevent potential eavesdroppers from reading your password if they spy on you in a coffee shop or on another open wireless network.
In this day and age, though, scrambling your password is not enough, and it is now vital to use multi-factor authentication. I touched upon it about a month ago, and I am still searching for other methods which would be easier to use and less cumbersome.
One option uses a QR code, which you scan with an app such as Google Authenticator on your phone. When you log in with your password, the app shows a 6-digit randomly generated number, which is replaced by a new one every 30 seconds. This means you log in with a different number each and every time. Hackers would not know what the code will be the next time, so this helps keep you safe.
There is another option using the SecSign app, which I have installed. It operates on the same principle, but you log into the app and then, when prompted, tell the app that you are logging in to your site. If a hacker tries to log in, you would be prompted the same way, but you would simply say it was not you and the site will not let the hacker in. This, to me, is a better form of security and control. You have complete control over the login approval process.
The third option is a hardware token such as the YubiKey, which you use to authenticate your identity. If a hacker grabs your password, they will not be able to predict the very long randomly generated password of the YubiKey. These are 4 generated keys from mine which, as you can see, are all different and, once generated, are NEVER used again.
The YubiKey plugs into a USB port on your computer, so it is ideal if you are in front of a computer and not using a tablet or mobile device.
Let me know what you think and what would work easiest for you. :)