Kerio Control 8.5 has added two step authentication. Unlike systems that use text messages or voice to give you a key to respond to the challenge, Kerio Control uses a QR code that you must scan with your smart phone using an app. The app tells you the code which you then type in to gain access.
The administrator can make this optional or compulsory. It does not apply to local connections and you can have it remember you for 30 days.