The admin should be able to set a temp password field for users in order to login and change their own passwords

There is no brute force protection as far as I can tell

During install, you should be able to add a function send an alert email if certain conditions are met, like a brute force attempt

During install, an option to set the mode to single user mode with no username required upon login would be nice