@JohnMuirJr, I feel for ya, buddy. I know you're just trying to suggest an optional extra layer of security.
I feel for you, because my husband is Mr. Tech Man (I cannot comprehend what he does for a living—I just call him "King of the Nerds") who married a hee-hoo Luddite. I'm sure he loves it every time I complain about having to identify which of these 16 grainy images contains a bridge in order to buy groceries. Or when I threaten to throw my laptop into a volcano when my browser logs me out of my email and it requires 2FA even after the hundredth time I've told it to trust this browser. I bet it brings him joy.
I love the idea of web security, but boy, do I despise the steps required.
That said, though—since what you're suggesting is optional, I think we should put away our pitchforks and let folks make their web experience more secure.
I only got around to reading this now. We have closed this topic as requested, but I just want to add some thoughts for future reference.
Having 2FA is on our wish-list but, admittedly, it is a veeery long list and this one is not very high priority for us. I don't know when or if we'll get to it.
To be clear, the suggestion presented here was to add 2FA as an option – it wouldn't make sense otherwise in Postcrossing. It will never be implemented as the only required authentication method: password will always be the default authentication method, and 2FA would be available, as an option, for those that want to go the extra mile and secure access to the account.
I fear, however, that the suggestion by @JohnMuirJr wasn't understood that way and some of the replies weren't very open to the idea due to that misunderstanding; also, I think some of you were mostly venting your frustration with some 2FA implementations that exist out there.
While 2FA does have clear advantages, it also adds complexity. Not just in its implementation but also in support processes, as losing access to accounts becomes more common and difficult to handle (if one implements 2FA correctly). And, because 2FA would be optional and used by very few (as, unfortunately, 2FA remains not very user friendly), the overall added value would be limited for the project: right now we prefer to focus the use of our time on protecting user data in other ways that benefit the majority of the members and not just a few.