I was unable to access my account for a few hours this afternoon.

I finally figured out that by clicking 'logout' and then logging back in, it worked.

In the process of figuring that out, I discovered that even though I have set up a username and password on my account, the old "secret URL" still works. So anyone who finds my secret URL can get into my account even if they don't know my password. They can also then divest and gamble away my coins, since 2FA is only required when divesting withdrawing.

I'd like it if:

1) setting a username and password stopped the secret URL from working
2) 2FA could be independently enabled for login, play, divest, and withdraw (rather than only being required for withdraw as it currently is)

Edit: fixed; thanks DiamondCardz!