Two-Factor Authentication

If that's possible, I'd be glad to do it. It sounds similar to a self ban process anyway.

It's great that you're working on making logging in safer! Isn't 30 seconds kind of a short time though? I didn't test it myself, but that sounds like it could become a problem for people who type slowly (e.g. physical limitations) or have trouble reading gibberish codes (e.g. dyslexia).

@pixelkitty: More accurately, we can force-reset your password which makes it so that your account cannot be logged in to until you reset your password via the login form. @ShadowMetaru: Great question! While the code changes every 30 seconds, the system does allow one code in the past or future to work. This allows for things like clocks being out of sync - as well as slow typists. It's only a six-digit code though, so I can't imagine that taking much more than 30s.

I don't want to enable 2FA until I can disable it, so I want to ask a question since I can't just test it... are you saying you have to enter the 2FA code *every* time you log in, even if you're using the same device? I don't want the normal session timeout to be increased, but I would like it if the 2FA could be optionally remembered on a single device for 30 days. I know it's technically less secure but, well, it still prevents most remote attacks, and people who share devices can leave the remember box unchecked for increased security.

Yes, 2FA becomes a requirement every time you log in. But if you're using the same device repeatedly, you'll stay logged in unless you stop using it for 24 hours. So it's really not a big deal.

Thank you for letting me know! On the topic of the thread, I'm glad 2FA is here and isn't something incredibly difficult to do like some of the suggestions in the thread.

Just enabled my 2FA for PFQ, woo! Hurrah extra layer of security! <3

Oh thank you Niet! 2FA is here, so off to go make it work on my account too ^-^

Woo update, that was a fast, and awesome!

I'm incredibly thankful don't get me wrong. I understand the need for this, hence why I'm asking. Considering this site is relatively old, and especially considering that paypal/money is often used here, why wasn't 2FA implemented sooner? I assumed there was already a layer of security like this to protect users because of the use of money here, but to find out that there wasn't all this time...That genuinely worries me. I never searched for it because I didn't need it (as my password is very unique to here anyway, and I don't use money to pay for in-game currencies). I understand if you guys were busy and what have you, but this website is years old, including a site transfer.