Two-factor authentication, or 2FA, is an extra layer of security used when logging into websites or apps. With 2FA, you have to log in with your username and password and provide another form of authentication that only you know or have access to. It is already used on major websites (www.turnon2fa.com).

The fact that a second factor of authentication is required significantly reduces the risk of compromise versus reliance upon a username and password alone. Password managers are great and they help guard against the risks that arise from people’s password habits. But they don’t protect against external threats to passwords. For instance, if cf database with passwords is hacked or if a personal computer is infected with malware that records keystrokes to steal account credentials, then the complexity and longevity of the password won’t help protecting your account. But 2FA will.

Using 2FA would resolve recent security issues, and make cf users more secure about their accounts. It should be optional, and I recommend using Google 2-Step Verification, which is already used on Github.