Ger wrote: ↑Mon Jun 11, 2018 2:32 pm
2FA is securing the bypasses, e.g. when your email account is hacked, somebody resetting your phpBB account linked to that email etc. Or simply somebody guessing your password or when it's retrieved through a MITM attack, a keylogger or just watching over your shoulder while you type it. 2FA is simply extending the "something you know" (password) with a "something you have" (your phone). The combination of those two required to login makes it way more difficult to breach it.
Nothing more to add. I do not need anything else. Nowadays, you should protect the system from attack because you never know if the hacker no longer steals my password. Double authentication by SMS, key generator or software authenticator is a very good method of securing access recognized by IT systems, banks and others. Only phpBB is immune to changes
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?