Under the IP restrictions, would be nice to either allow safe IP's only or allow all but if logging in from trusted IP you can remember devices for x days and have longer session timeouts.