Just a quick note to say that two-factor authentication has been added to version 7. Any user can enable it from their profile page. Users will need a TOTP-based authentication app such as Google Authenticator or Twilio Authy to enable it.
If you prefer, you can require all users on your account to enable two-factor auth from Settings > Advanced. If you turn this feature on, everyone (both new and existing accounts) MUST enable 2FA before they’ll be be allowed to do anything in the CMS — so use with care!