Feature request: Allow different passwords for devices or channels

[lab-at-nohl]

MFA is great and definitely on my to-do list. However, attackers could use other channels like ActiveSync for emails and WebDAV for files. These are not secured by 2nd factor but exposed to the internet as well. I like what yahoo had done some time ago: Here you can/must setup additional credentials for each device (respectively each login other than by the web ui; like IMAP). Possibly the admin could enforce the use of the non-standard usernames/passwords. A least the user itself can choose where to use additional passwords if appropriate (like for each client software, or for each device, or use an additional password for all DAV-accesses, and so on). Of course, such user-password-combinations must be syncable to ldap.