An interesting analog, but I found an equally universal security plugin roundcube email and it consists of using a one-time password by generating tokens.
Roundcube 2 factor authentication sets the password after logging in via the main one which makes this protection more functional and reliable. I think with this approach, roundcube is guaranteed to be protected.