One example would be key file(s).
It may raise the problem of DoS or of some kind for XenForo, but why not just make it an option/permissions that Administrators can enable/give.
I'm pretty sure most Administrators will most likely have a high-end dedicated server or Co-Location with their own material that would like to use this option. Because they most likely will have the server that may/may not be able to handle it (depending on the key file(s) size, which can be limited if it raises an issue).
So if by any chance XenForo can add key file(s) password authentication that'd be great.