As simple as in the title. The possibility to create an additional security layer, e.g where you have to enter e-mail+password, TOTP code AND a code per email to log in. Here the email would be the additional security layer.
That would be a simple step for much more security.