I would like to see the ability to use FIDO2 hardware tokens (For example, a YubiKey) when logging into the Pi-Hole Web console. Would prefer the Passwordless option with PIN, but would be happy with any olne of the FIDO2 modes.
Yes, Physical (and Logical) access to a Pi-Hole instance can be managed, but given todays Hacking landscape, having MFA is always a good thing. In addition, I am sure a pretty large number of Pi-Hole users have some kind of VPN or other hole punched in the firewall.
The used case is to protect login to the Web console. This will keep bad guys out of the configuration sections.