Has anyone incorporated additional security login security features to their public portal when using authentication to reduce bot style activity trying to penetrate their solution as a possible back door into their environment?

Examples would be Recaptcha, 2 Factor, etc?

Thanks