Waterhole already requires the user to confirm their password when accessing the CP, so if you have a secure password it should already be pretty hardened. Multi-factor authentication is on the roadmap.
Probably not worth doing HTTP Basic Auth IMO, because it's not very secure. Restricting access per IP address could be a good extra measure.
You don't have permission to do this.
You're going a bit too fast! Take a break and try again in a moment.
Something went wrong! Please reload the page and try again.
Your session has expired. Please reload the page and try again.
Waterhole already requires the user to confirm their password when accessing the CP, so if you have a secure password it should already be pretty hardened. Multi-factor authentication is on the roadmap.
Probably not worth doing HTTP Basic Auth IMO, because it's not very secure. Restricting access per IP address could be a good extra measure.