Surprised the team didn't consider this already!
Two-step auth is very important for security!!
For example, let's say a hacker did find a way to figure out your password to the server, you are still safe because they can't access your panel without your phone.
And if you're thinking "Well he has my root password, he could just use SSH" then simply change from password auth for ssh, to SSH Keys, then you're fine
But really CWP, we should add Authy/Google Auth 2 step auth to the CWP panel for both Root and User accounts. It will be an optional feature, but one that is needed. Make sure there are "backup codes" that can be generated too incase we lose our phones or what not; and that they are NOT stored on the server since that would compromise security. They need to be generated and emailed/printed off; then delete it from the server somehow. Not sure how you guys will do it, but you're geniuses
Keep up the amazing work on this panel!