I would like to vote for an option to increase security but I feel that both of the presented options are not really that great... Mostly because they both start with "You would log into the account page" and there is nothing in either of these proposals to increase security of the account page. I would expect that most of these account take-overs happen due to a compromised forum account. Given that most people report that their alts and main get hacked at the same time, it must be via the forums account.
So some form of 2FA for the account page (ideally in my mind something like U2F) to lock down account logins, would allow Nasomi to have an option to only authorize game logins from IP addresses that have been recently logged into the account page. This would mean that for most people, you might only have to login to the account page every few days/weeks. In my case, I know my public IP address hasn't changed once since I moved into my current house three years ago. It could be optional and for most people it would provide a good mix of security and minimal change to how they are currently logging in.
It doesn't even need to be integrated with the forums login... While the account password and forums passwords are identical, 2FA could be only on the account page so that it would be code that Nasomi 100% controls. No problems with integrating with phpBB... But if Nasomi did want to do this for the forum accounts also I found this thread and is looks like there is active development and is nearing RC status so it would likely work.
https://tinyurl.com/y6ffnmsoSo in summary, Add some type of 2FA to the account page. And then add an option to restrict game logins to IP addresses that have recently been logged into the account page.