Players with the appropriate permission can opt into the '2StepAuth' program which verifies if the person logging in to the server through a registered account is the actual owner.
How does it work?
The way it works is easy: Once you log in and register to the 2StepAuth program you will be given a link that leads you to a QR code, you simply get the Google Authenticator application (Available for iOS and Android) and scan it, it will give you a six digit code which changes every 30 - 60 seconds. Once entered you are 'logged in' fully to the server. When you login using the same IP as last time you will be automatically logged in, but if the IP is different you will be asked to enter the code again.
Once a player incorrectly types in the code three times create a notification for administrators to inform them about it, allowing them to look further into the issue (Useful on servers which track players IP's and login times!)