What is 2FA ? What happens if we dont enable it ? Pretty sure 2 factor is essential for security these days - Users cant be expected to enable security themselves if thats what your getting at ?
1. Yes. 2FA might improve security, but it can be bypassed. 2. If you enable 2FA and you loose access to one of the verification methods, you are done. I never ever enable 2FA on my emails.
1. Bypass how? 2. If you should lose a password and you have no alternative to identify yourself you are done the same way.... It DOES improve it since any attacker on an account has to attack/try with a different IP address while one who has cracked a PW could abuse it from everywhere.
On the other hand, there simply is no 100% safety. 2FA is optional, not mandatory here, so why bother if you consider it unsafe?
@TairikuOkami This has nothing to do with really bypassing 2FA, it's more like picking an alternative route for identification. There is 2FA and "identify by personal questions" ... the latter is described in the article you linked to:
Feeling happy to get forum back again without any trouble. Give some more while to get acquainted with this style. Huge thanks for all associated with the huge job done. mohitkumarsen
If you bypass 2FA, then the implementation is a problem, and not 2FA itself. If you've got a super safe door in your home, and burglars break a window to get in, then you wouldn't blame the door... the problem then was the possibility of a bypass, in this case a window, being the weakest point.
This is what i use on my android. It saved my "ass" many times. This should be enabled for security reasons.
can we use gpg/ssh keys instead? i dont trust 2fa for multiple reasons. but i can trust my gpg/ssh keys. plus it provides strong anonymity a simple suggestion. if i remember correctly you can perform a server side and client side auth using tls in apache. i haven't run a scan on this site. so i can not speculate much. if i can include the certificate then you can be sure its me and none else. these different party/vendor apps makes me trust less apps and sites post snowden disclosure. thanks for wasting 2-3 minutes reading my reply.
for all members that is new here: Hmm Daz has already guided us from the "problem" years ago and so we must follow the guidelines of who KNOW what they are talking about; still remembering that it is part of the Main Administration myself I always followed and never had any problem just my 2 cents