Post
Topic
Board Bahasa Indonesia (Indonesian)
Re: !!! BITCOINTALK ACCOUNTS ARE VULNERABLE TO HACKING !!!
by
mu_enrico
on 19/08/2018, 13:53:06 UTC
<...>
Actually, using stake/sign message isn't more secure; rather, it serves as proof that we own the account when it gets hacked (it can still be taken over anyway). So it would be better to add Google Authenticator as well, as already implemented on exchanges, as a first layer of security, and only then fill in a signed message too, just in case it can still be breached.

I understand what you mean in practice regarding login; what I meant in my statement is that a signed message is almost impossible to break.
2FA/SMS OTP is indeed better than nothing at all, but its level of security is still inferior to a Bitcoin signed message.
https://www.computerweekly.com/tip/Limitations-of-two-factor-authentication-2FA-technology
https://www.theverge.com/2017/7/10/15946642/two-factor-authentication-online-security-mess

As I understand, it's too difficult to integrate into the current version of SMF.

Not only do I believe you're right, it probably is too difficult or too risky to integrate into the forum in its current state, but there is already an endless sea of "Account lost" threads, where people reset their passwords and lose their accounts, simply forget their passwords or goof their recovery questions. I think that until we have a decent solution for these people, adding 2-FA will only serve to exacerbate this problem. Then, you have to consider that even allowing user stats, images, new-tab and other features have proven to be security flaws to be exploited; I'm assuming that 2-FA would be no different.

This forum is not short of malicious users, and anything that can be used to lock, access or block your access will be pushed to the limits.

In the context you describe, being tricked into logging into a fake site, this would not help either. You would simply use your 2-FA to log into their proxy, they would forward this input to the real forum and then be logged into your account just as easily.

T-FA is fine Theymos-Factor Authorization

TL;DR
2FA would actually add to this forum's security problems, and it requires a forum update before it can be implemented.