Two-Factor authentication is gaining in popularity, and it's a great security tool. From a financial perspective, time spent implementing it could be offset by time saved when user accounts aren't getting compromised and domains aren't being transferred fraudulently.
A couple ways it could be implemented:
1. Text a randomly generated number to a registered mobile device when a user logs in from an unrecognized computer / IP range.
2. Use the Google Authenticator PAM Module to allow Namecheap users to generate tokens on their smartphones via Google Authenticator.
I'd love to see Namecheap implement one of these options! Thanks.