Greasy Fork

Greasy Fork now supports enabling two-factor authentication (2FA) on user accounts that log in with an email and password. This provides additional security by requiring entry of a verification code from an app like Google Authenticator or Authy when logging in.

To enable, visit your profile and click Edit sign in methods, and click Enable 2FA. (If you don't see that button, that probably means your account is not using a password-based login, which is perfectly fine and secure.)

This is currently entirely optional. In the future, the site may eventually suggest, recommend, or perhaps even require 2FA for password-based login for script authors.

Let me know if you have any questions, comments, or suggestions.

I don't like being forced to do 2fa. While it may be more secure, I'd rather just do an email code since I'm almost always logged into my email (it's just one tab away.
Github forced 2fa on everyone, so I just deleted my account and switched to another service.

Anyway, is it possible for me to remove the password here from my account and switch to login with google account or whatever?

Anyway, is it possible for me to remove the password here from my account and switch to login with google account or whatever?

Yes, after you add the external sign in on the "Edit sign in methods" page, you will get an option to remove your password.

And to reiterate, the potential future suggestion/recommendation/requirement for 2FA will only be for script authors who use password logins. If you use Google/GitHub/GitLab, or if you haven't posted any scripts, you will be unaffected.

All script authors with a password who registered after Jan 22, 2025 will now have to enable 2FA before they can post scripts. Alternatively, they can use an external login method and remove their password.

In addition to all users who registered after Jan 22, 2025, now all users who registered before this date and have not yet posted a script will be required to enable 2FA or use external logins if they wish to post a script.

I strongly recommend all script authors make this change. It will become mandatory soon.

Might wanna enforce it also when posting a comment with a link in the forum. Currently there's like a hundred of spammers daily, 10-20 of which get past akismet and actually post ads.

P.S. At least when posting in the non-script forums (GF feedback, development) as it's where 99.9% of spam goes.

I personally do not protest 2FA, but since GF requires re-login every few months, it would be too tedious to enter 2FA code every time that happens. Is a "remember me" option that keeps you logined forever possible?

Might wanna enforce it also when posting a comment with a link in the forum. Currently there's like a hundred of spammers daily, 10-20 of which get past akismet and actually post ads.

I don't think 2FA is an effective anti-spam tool. It's an extra step, but it's pretty easily done.

I have added some additional checking for the spam that's coming in now, and will make more changes to deal with it.

I personally do not protest 2FA, but since GF requires re-login every few months, it would be too tedious to enter 2FA code every time that happens. Is a "remember me" option that keeps you logined forever possible?

It looks like the behaviour was that your session timed out after 2 weeks even if you chose "remember me". I've made an adjustment to the settings so that if you choose "remember me", it now resets the 2 week timer. This should keep you logged in, assuming you visit the site at least once every 2 weeks.