Fasdgs: Koinly contains everything required to experly phish you. All your wallet addresses. Every transaction. What you bought when and for how much. What crypto exchanges you use. It also offers implied information, such as the fact that you are a crypto user. It tells an attacker who active you are (do you trade daily, or just buy once every 6 months). Koinly has your name and your email address.

Koinly has very sensitive information that could cause a lot of harm to you if it got into the wrong hands.

Philip D'Ath: Yea sorry to break it to you but literally everything you interact with these days have that information and HEAPS MORE. This is paranoia to the fullest. There is nothing anyone can do with information stored on Koinly, and if they can, then you've got a lot more problems than 2fa here. With this logic, you should put 2fa on every single website you interact with that has even nothing but your e-mail.

They can do optional 2fa as I said for the paranoid, but anyone with basic understanding of online safety will be just fine without it. Leave 2fa for websites containing ACTUAL sensitive info.

Those with a brain understand that a bigger problem of the 2fa-filled future is losing access to said 2fa. (looking at password managers protected by 2fa...). Stop the paranoia. Please.

Fasdgs: I do personally believe you should secure every web site you use that stores sensitive information about you with 2FA. I class (name, email address and transactional information) as sensitive information. You feel differently. That's fine.

Philip D'Ath: Agree in concept hard-disagree on reality. What will happen is "A" website will require Authy. "B" website wont work with Authy but will with some other random 2fa tool. "C" website will work with any. This is the world we are in now.

Password manager + randomized password generator is sufficient. Secure additionally 2fa to vital accounts like bank crypto-exchange etc. Koinly is not vital. Thats my take-away. Maybe in the future I will agree with you, but currently it is all a big unnecessarily complicated hassle for minimal reward.

Fasdgs: That is not the world we are in. MFA "codes" use the standard TOTP algorithym. It doesn't matter if you use Google Authenticator, Microsoft Authenticator, Authy, Bitwarden, etc - they will all produce exactly the same codes.

Personally, I used Bitwarden for everything. I like how they never have access to your plain text data, and you can sync your password+MFA database between all of your devices. It really couldn't be simpler. Most of the time it is 3 mouse clicks to log into websites that have username+password+MFA.