Hi @Thimotheus, thanks for you input.
Two factor authentication (2FA) would make a lot of sense. We have some people who can access personal data of tens of thousands of people.
Security is discussed often, but actually 2FA never came up. I doub't that this will be a priority for use right now, but we will discuss it in the community. I opened an Issue on Github: https://github.com/hitobito/hitobito/issues/361