
two factor authentication weakness

After enabling two-factor authentication, I read the instructions on how to disable it:

"You need your password and an authentication code from your authenticator app to disable two-factor authentication.
If you lost access to your authentication codes, you can also do a password reset via email."

So anyone gaining access to my mailbox can bypass the two-factor authentication and get a new password as if there was no two-factor authentication in place. Are you sure this is wanted?

It shouldn't be so easy to get access to your mail. Also, you can/should enable two-factor authentication on your mail for sure. If your provider doesn't have 2FA then change your e-mail provider, in my opinion. Your mail should be your most safe account (all should be safe ofc), because it will provide access to most of your other accounts (not only lichess).

EDIT: For more info about your account being safe read this Blogpost: lichess.org/blog/X663WxUAACIAcvoR/account-safety-on-lichess-and-beyond

An e-mail box is usually just password protected. This is a lower level of protection than two-factor authentication. So the part
"If you lost access to your authentication codes, you can also do a password reset via email"
degrades the two-factor authentication to the level of just password protection.
Lichess should implement two factor using an authenticator like Google Authenticator.
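The point made above, that the weakest recovery path sets the real security level of an account, as an added example (not Lichess's code, and not part of this thread): a minimal model of two password-reset flows, the email-only reset quoted in the thread beside one that also demands a current TOTP code or an unused one-time recovery code. The account class, the token names and the sample values are constructed for illustration; the TOTP routine follows RFC 6238 with HMAC-SHA1, which is what authenticator apps generate.

```python
import hashlib
import hmac
import secrets
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP over HMAC-SHA1, the scheme authenticator apps implement."""
    counter = struct.pack(">Q", unix_time // step)
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def _hash(value: str) -> str:
    # Plain SHA-256 is acceptable here only because recovery codes are high-entropy;
    # a real password store would use a slow, salted KDF.
    return hashlib.sha256(value.encode()).hexdigest()


class Account:
    """Constructed demo account: password hash, TOTP secret, hashed one-time recovery codes."""
    def __init__(self, password: str, totp_secret: bytes, recovery_codes: list[str]):
        self.password_hash = _hash(password)
        self.totp_secret = totp_secret
        self.recovery_hashes = {_hash(c) for c in recovery_codes}  # consumed on use
        self.email_token = secrets.token_urlsafe(16)  # what a "reset via email" link carries


def reset_email_only(acct: Account, email_token: str, new_password: str) -> bool:
    """The flow quoted in the thread: proof of mailbox access alone resets the password,
    so the second factor never enters the picture."""
    if not hmac.compare_digest(email_token, acct.email_token):
        return False
    acct.password_hash = _hash(new_password)
    return True


def reset_with_second_factor(acct: Account, email_token: str, second_factor: str,
                             new_password: str, now: int) -> bool:
    """Mailbox proof plus a current TOTP code or an unused recovery code.
    Losing the mailbox no longer loses the account."""
    if not hmac.compare_digest(email_token, acct.email_token):
        return False
    if hmac.compare_digest(second_factor, totp(acct.totp_secret, now)):
        pass  # authenticator still available
    elif _hash(second_factor) in acct.recovery_hashes:
        acct.recovery_hashes.discard(_hash(second_factor))  # one-time use, burn it
    else:
        return False
    acct.password_hash = _hash(new_password)
    return True
```

The TOTP check here accepts only the current 30-second window; production verifiers usually allow one step of clock drift either way.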

#3 Like I said in my first post: most e-mails have two-factor authentication. Look into the settings of your e-mail and you will most likely find it. Also, don't reuse your passwords, so it would at least add another password. If your e-mail is less secure than your lichess account there is something wrong, in my opinion. Your e-mail should be as safe as possible.

This topic has been archived and can no longer be replied to.