This makes no sense. If I want to post crap I can create a dozen accounts and post crap from them. If you are a mod then sure, you should have 2FA as you have some vague powers. The average user has none and should have the choice on 2FA.
But again, it's not just all about you. The MM, as stated dozens of times in this thread by now, is a fairly high value economy. If you want to post here, you need to take a step to protect everyone else - not just yourself. The choice resides with the people who own, run and administer the site/forum, not the user. You might never meet measles/mumps/rubella/polio/covid in the wild, but you're definitely sensible to vaccinate for everyone's sake as much as your own.
If you have any comprehension of how security works on the web then you wouldn't be suggesting that being compromised in "one or two weak places" causes it to domino. My main "I don't really care about this account" password that I have used for years has been leaked dozens of times. I don't care. Unless they have access to my gmail, my phone and my authenticator app they ain't getting anything of value and any accounts I care about have 20+ character password, 2FA and sometimes more.
Christ, most sites with super vital information don't force you to use 2FA because they know that some people don't want it and are happy with their current security level. On your head be it.
Most people don't have a clue about OPSEC, INFOSEC, COMSEC or DEVOPS etc. They aren't informed enough to decide what is sufficient to be 'happy' with. To stretch the analogy further, see: AntiVaxxers. Most people with no care, knowledge or regard for things like MFA are also the sort to use the same dictionary username and password across all their logins. Once one leaks...
If you've never seen a DEFCON demo of taking one piece of info from a volunteer, and then spending 20 mins to use that to gain (eg) their email listed in that one account provided; then using that to link to their social media and their mobile number; then their address and other details; and then owing their email and mobile accounts through a combination of dumps/leaks, social engineering and layering one nugget of info on top of the other as they tunnel through your online life... Well... It's pretty eye opening.
I don't claim to have 'any comprehension of how security works on the web', I've only been coding and using it for >30 years for (mostly) fun. Like anyone who isn't obtuse, I learn something new every day and am no way an expert in... anything. My main interest is Unix, networking and cryptography. I just happen to have a side eye on red teaming due to my main interests.
Regardless, it's a fuss over nothing. Using 2FA is easy, can be made literally seamless and touch free, and only adds to your layered security. Why wouldn't you? It's hardly laborious - even my technologically illiterate OAP mother can do it.
).
