This article explains adding an additional password to the wp-login.php file. Every user will have to enter a secondary password before retrieving wp-login.