I think it would be nice to allow a option for passwordless login to the CMS (e.g., https://passwordless.net/ ) for keystone. I think this would provide a better option for security and overall UX.