Even more basic is to fix the two factor authentication login process that is implemented in a strange manner. Once login is achieved with uid and passwd then the second factor comes into play where the user must add in the server-side factor. Requiring the password again is useless (in a security sense) and forces unnecessary procedures on the user for no security gain.