How about the option of 3-factor?
. Google auth would be better than email but both are only as secure as you are. Email is probably much easier to hack, but couldn't you reset google auth via email?
Why not? The more the better if you ask me.
I actually agree. More would make me feel more secure but it could also lead to more problems. People will likely complain if they lose access to their 2-factor and then pester theymos to remove them which if he does it's not very secure and if he doesn't then their accounts are screwed. Always going to be a catch 22.
That's their problem and theymos shouldn't do anything about it. I have even registered on a few sites which state that password recovery is not possible, even if you contact support.
Every single member is obligated to know their password/or in this instance their 2/3-factor.