Customers of a hosted kolab installation are able to add two factor authentication tokens to their account that are required for any login into the HKCCP and potentially also for destructive operations.
There is a recovery procedure in place for users that lose their token.