Google's Authenticator app for iOS, Android and Blackberry allows you to use it to generate 2-factor authentication codes for anything that can use them (does not need to be just your Google account). It allows you to have an account that after you enter the login/password, you are prompted for a 6-digit code that changes every minute. The app on your phone generates the code... so essentially even if someone got your login/password, they couldn't access your account unless they had physical access to your cell phone (or any iOS device for the iPhone version). An example of how it works for your Google account: It would be really cool if XenForo supported this security model as an option for users (or maybe even a mandatory thing for admins/mods). Again... does not require linking your Google account to XenForo, but you can use the Google Authenticator app for any account/site.