Two-factor authentication
Perhaps we should allow external users to enable two-factor authentication.
Furthermore, we could allow internal users to enable two-factor authentication too, which would send them back to the SSO after login in order to enter a 2FA code as well. We might also want to enforce this for coordinators and administrators (or perhaps all users with access to the management panel?).
We could also extend the session length, and make users reauthenticate with 2FA at least once every 24 hours in order to access the management panel (can be done via a signed cookie).
Edited by Martin Mladenov
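A sketch of the signed-cookie idea from the proposal above, added here as an illustration and not taken from the project's code: the cookie records who passed 2FA and when, is protected by an HMAC, and the management panel accepts it only within the 24-hour window. The function names, the cookie layout and the demo key are all assumptions.

```python
import base64
import hashlib
import hmac
import time

MAX_AGE = 24 * 60 * 60  # the 24-hour re-authentication window from the proposal
SECRET = b"constructed-demo-key"  # assumption: a server-side secret, never sent to clients


def _sign(payload: str, key: bytes) -> str:
    """HMAC-SHA256 over the payload, encoded so it is safe inside a cookie."""
    mac = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_2fa_cookie(user_id: str, now: int, key: bytes = SECRET) -> str:
    """Called right after a successful 2FA check; value is '<user>|<issued>|<mac>'."""
    payload = f"{user_id}|{now}"
    return f"{payload}|{_sign(payload, key)}"


def verify_2fa_cookie(cookie: str, user_id: str, now: int,
                      key: bytes = SECRET, max_age: int = MAX_AGE) -> bool:
    """True only if the cookie is authentic, belongs to this user and is fresh."""
    try:
        uid, ts, sig = cookie.rsplit("|", 2)
        issued = int(ts)
    except ValueError:
        return False  # malformed value: treat as "no 2FA done"
    expected = _sign(f"{uid}|{ts}", key)
    # Constant-time comparison, so the check does not leak how much of the MAC matched.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return False
    # Bind the proof to the logged-in session user, so one user's cookie
    # cannot satisfy the check in another user's session.
    if uid != user_id:
        return False
    # Reject expired cookies and ones dated in the future.
    return 0 <= now - issued <= max_age


if __name__ == "__main__":
    t = int(time.time())
    c = issue_2fa_cookie("coordinator-7", t)  # constructed sample user id
    print(verify_2fa_cookie(c, "coordinator-7", t + 3600))         # within window
    print(verify_2fa_cookie(c, "coordinator-7", t + MAX_AGE + 1))  # must redo 2FA
```

The session cookie can then live longer than 24 hours, while the management panel additionally requires a valid 2FA cookie on each request.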