Hardolaf wrote:Most e-mails are sent over plain text, this would not significantly increase security.
The security increase is achieved by the OOBC (Out Of Band Channel). The e-mail is a different channel than the page loading. So it does increase security by making the task more difficult for the attacker.
The main situation is that the actual security increase is small compared to the increase in complexity when logging in as it is now.
IMO, this is something that makes sense to place in phpBB but only as an extension or as a MOD.