Theres a small recap of threads that have versed on 2FA on the forum in this thread:
. I asked the same question a couple of months after joining, surprised that it was not available as an optional feature.
<
>
@theymos, couldn't a lot of this be avoided if we had a 2FA system in place? I know you don't want to use the google system, and I don't blame you, but what about a decentralized system like using a PGP public key to generate single-use passwords, and send PGP encrypted password recovery links to the registered email?
I know we've discussed this numerous times, and it's always been shutdown. Forgive me if I'm beating a dead horse, but I think I would rather live the downsides of a 2FA system opposed to the downsides of farming out account recovery.
That wouldn't eliminate the need for manual recoveries; it might even increase it as people lose their second factor. 2FA would be nice, but IMO the email notifications provide many of the same benefits, so it's not high on my to-do list.