Carl Thanks for the update on this. I actually did just that using Google account as the login that has 2FA. This issue was more complex before you offered the option to change an email / password login from that to a google account. Everytime i attempted to use google as my login choice it told me i was using the email process instead. for those that dont know, you can go to your account settings page and change the login from email type to google account which is as Carl said "about " the same

Its great to have a response from Koinly but I don't think this is really given the priority it should be from Koinly as a co working within the Crypto space. They are prime targets for attack and as history has taught us.... :( Good to know there is a google workaround

It's good that there is one workaround for those who use the same Google email. Unfortunately I'm using a completely unique email address for Koinly access. While that does offer me personally some extra anonymity, there are still plenty of attack vectors which 2FA would negate. And it's really not great for those who don't use Google or unique emails and have had their emails leaked in the pervasive hacks that seem to plague most platforms. I'd almost suggest pausing all other development activity to get this rolled out, considering it's your customer's and their families lives potentially at stake. I'm sure 99% of us would understand and appreciate a short pause in development to get this over the hill.

As others have said, crypto is riddled with scams and hacks.

By not mandating or prioritising 2FA, Koinly is leaving a lot of users exposed. Without strong authentication, attackers can target accounts via credential stuffing, phishing, SIM swapping...

It also raises questions about backend security. If protecting user accounts isn’t a priority, there is a real risk that API keys, wallet addresses, or sensitive transaction data could be easier to access.

It’s not a stretch to assume Koinly will be a target because of these gaps...