I thought I had already posted this feature request, but it seems to have disappeared.

We have had multiple customers request that we support optional 2-factor authentication for customer login as well as notifications for logins from a new IP for added security on the front end.

We have also had multiple customer requests to support passwords longer than 15 characters, which is the current password max length limit for customer passwords.  Many website security firms are suggesting the use of passphrases rather than passwords, and 15 characters does not really accommodate that.  We have also recently started using a password manager that generates suggested secure passwords, and by default it generates 32 character passwords, again, these are not supported by the current password limitations. It seems like the 15 character limit on passwords is too limiting to accommodate many current security recommendations.