Feature Request: Two-factor authentication for admin accounts

An unauthorized or malicious user gaining access to the backend of either hosted BLOX or TotalCMS could very easily do great harm not only to a newspaper's credibility and reputation but also to the community it serves.

As such, I would like to see the addition of TOTP two-factor authentication for admin accounts in both BLOX and TotalCMS. This would allow newspapers to secure these systems to a higher level than the current password-only authentication allows.

I would be perfectly fine with a simple on/off option that requires all admin accounts to use 2FA, however if we had the ability to get even more granular that would be great as well. In that I mean allowing us to set the 2FA requirement at the Group level when configuring the access rules for a group.

For example, we could require 2FA for anyone with the ability to edit news articles or send push notifications, but not require it for those who only have permission to moderate comments.

1. What problem(s) does this idea solve? Why do you need this idea implemented? Provide as many problems or use cases as possible.

Helps prevent unauthorized access to the backend of publishing systems and greatly reduces the likelihood that a malicious actor could post fake information or subtly edit news articles.

2. How often would you use this feature?

Every day.

3. How many people in your organization would use this feature?

All staff members.