The reasons I'm holding off with 2FA is mostly because I'm weighing my options in terms of the several different ways it can be implemented, and what standard to use. I'm leaning towards WebAuthn and/or TOTP, but the WebAuthn spec is a bit of a mess and TOTP is is some ways less secure than using a good password manager. I'm not saying they're worse than nothing, only that they both give me a bit of pause and don't make me want to rush away to implementing them. Coming sooner or later, though.
noindyfikator wrote:This disadvantage is like when you lose key to your house, you won't get in.. xD It's how it works, it's not disadvantage
When you lose the keys to your house, your house is generally not forfeit, though; there's always the option of going to a locksmith. I actually don't know what steps locksmiths take to verify that their customer really is the owner of the house, but I imagine there are quite reliable ways to do so with real property. Verifying that some person in a PM is the real owner of a Haven account, however, can often be quite tricky, to say the least, and account recovery certainly is a real problem with 2FA.
Anyway, since there were no security of privacy complaints against the log implementation, I've now added it to the site.