2fa is enabled in essence because when someone tries to hack and take access of your account you can lock it via the link in the email you get if it wasn't you. The issue is is that most people complaining in Meta are waiting for their accounts to be restored to them by an admin which isn't really happening. Better 2fa options will be available on the new forum but the email lock is probably as good as we're going to get on this one.
why not also add email confirmation
(to old email address) when a user changes his email address?
wouldn't that prevent hackers from easily changing email address to take over an account?
this way, admins will be needed only if the user lost access to both forum accounts and email address
would this be available on the new forum?