OpenCart also has a Google Authenticator plugin. The Google Authenticator is available for Android, Blackberry, and iOS. This will make the admin login like the login at your bank, where you have to enter a few numbers either sent on sms message, or generated by some small device. Unless there is a critical flaw in OpenCart people will not be able to login to admin without access to your phone as well.
http://www.opencart.com/index.php?route=extension/extension/info&extension_id=7956

--
My PGP is available at: http://downgoat.net/contact/