Research and, if possible integrate U2F authentication as a method for two-factor authentication.
Some quick notes for when this is started:
- U2F only works in Google Chrome at the moment, as it requires speaking to the actual device.
- Yubico provides libraries and a standalone server for U2F. It'd probably be best to have options for both.
- PHP library: https://github.com/Yubico/php-u2flib-server and https://developers.yubico.com/U2F/Libraries/Using_a_library.html
- Standalone server: https://developers.yubico.com/u2fval/ and https://developers.yubico.com/U2F/Standalone_servers/U2FVAL_REST_API.html and https://github.com/Yubico/u2fval-client-php