2-Factor authentication is recommended for increased security for online applications. Our Board of Directors is concerned that passwords don't change for RE NXT, and has requested that we make 2-Factor authentication mandatory for RE NXT.  I'm not sure how this could be enforced given that 2-Factor authentication is optional and controlled by the user.  Is this something that is on the radar, or could an audit report be made available that would identify users who have activated/not activated 2-factor.