This suggestion has been closed automatically because it did not receive enough votes over an extended period of time. If you wish to see this, please search for an open suggestion and, if you don't find any, post a new one.
With a decent password, 2FA enabled which would require the device in order to log in, coupled with .htaccess password auth, I don't see what else could be done.
It would help admins identify problematic people that target their ACP. This is a feature that is available on other platforms such as vB, and I feel it would be a no e addition to XF.
You haven't explained how it would help them lock things down.
The only identifying information you would have would be an IP address and to prevent it, it would have to be blocked at the server level.
If it's a dynamic/proxy IP address then doing so is pointless.