have you thought of using 2FA?
2FA is any two of the following:
- Something you know
- Something you have
- Something you are
"Something you know" is your password.
"Something you are" is right out as that would involve biometrics or some other kind of personal tracking.
"Something you have" would involve sending you a physical token of some kind, or implement some kind of third-party system (eg. to send text messages), or develop an authentication app (with all the problems that come with that).
Anything less than this would not be "real" 2FA. Sending an email alert saying "hey is this you?" is NOT 2FA because what is your email secured with? Another password.
So yes, we've thought of it. At length. We cannot implement it at this time.