Two-Factor Authentication

I don't think it's a terribly good idea to introduce a feature to increase security, and then go on to add a feature that decreases it. The current session expiry is 24 hours of inactivity, and that seems fine.

I will need to give it a go, but it will be after I get one of the apps in order to scan the code bar thing.

This. 24 hours is what we use at work, so I'm used to it Niet, thank you for adding this! I'm amazed it was able to be added so quickly, this is awesome

It is less secure, but still considerably more secure than not having 2FA enabled at all. I think the point is to have more people enable it. It's an optional security feature, and a lot of people will not enable it because it feels like too big of an inconvenience to enter the code every log-in. People are prone to feeling like things such as getting your account stolen will probably never happen to them, and won't feel the security is worth the inconvenience. It would especially help users who go inactive but now have 2FA enabled. If the inconvenience is not so bad, but the security is still mostly there, so more people use the feature, that sounds like a win to me.

I suppose something like this is alright but for me, my phone is an old one and I may need to replace soon so rn I don't feel comfortable putting an app on when the phone may need replacing soon. I hope that in the future there can be an extra way to secure your account without needing an app to do it. :)

I won't be using it because I don't have a QR scanner and I don't really know how I'd set this up without having to trust some random QR app. Also, chrome automatically saves my login for my email so I auto-login to every site and if not it's saved to the webpage so I don't really have a use for this aside from making it more difficult to hack my account but it's more difficult for me to even login too so I would just get annoyed with it .-. This has no impact on me whatsoever.

Go to your app store and search "Google authenticator" if you're on an android. It's not a QR app. You just enter in the details and it syncs and gives you a code you enter in the box.

That's literally the whole point of 2FA! Yes, security comes at the cost of accessibility. You could just leave your front door unlocked because it's easier than having to mess around with keys when you come home from shopping, and you're always home anyway so no big deal right? Security is always a trade-off. It's up to you to decide if that's a trade-off worth taking.

This seems unlikely, but on the topic of security... Is there any way to add a self ban process, a deletion process, anything to make an account otherwise inaccessible. Often times my accounts that get breached are old accounts I don't even remember using. If I had deleted them, self banned, whatever, they wouldn't have been at risk in the first place. I would really like a way to get rid of my Pokefarm account or at least make it inaccessible so I don't have to risk a password being leaked somehow. Edit: or my PayPal information. My PMs will be there for, y'know, forever. So surely eventually someone could get onto my account and take the information. Other sites have a self ban process, which isn't the same as deletion, but I know that Pokefarm doesn't want to.

If memory serves correct, there have been users in the past who have asked to be locked when they left? I might remembering wrong, but I don't see why staff would turn that down.