Stratogeist & Pepperly
Two-step isn't just phone SMS or mobile apps. (Assuming you mean the two big authentication apps such as Authy & Google Authentication)
There are plenty of major websites that do it email-based. Which, you do need an email to create an account Toyhou.se. And it's fairly user-friendly, as I've done something similar to my website as well. Platforms don't have to limit you to one type of two-step, but rather give you a few options to use. If it costs money to have two-step enabled (Which I wasn't aware of, but I guess it makes sense) then there are ways to make simpler versions [without going through an existing company].
I've also stated that there's no need for account security in general [before post revision], counting Toyhou.se isn't that big, and account stealing isn't a current issue. Botting isn't an issue as well, to my understanding. However, there is no reason I can see that users shouldn't have the option to protect their accounts. If someone got in, there is 100% no way of knowing, and that can be scary to some users, to not fully know what would be happening to your account at all.
I use randomly generated passwords for ALL of my websites. I ALSO use two-step on every website that allows it. It might be more of a personal thing for me rather than an objective "This is needed to this platform".
A lot of people won't use the feature, and that's okay! I would personally use it.
The password attempt limit would be better than nothing, so I agree!
Though I don't 100% personally understand the last parts. Just because something can be copied without a login into my account doesn't mean I want no way of protecting myself, if that makes sense? People should always back up their characters in general, but the debate isn't so much of "Will I lose all of my characters?" but rather "I have zero control over who can access my account besides the one thing preventing it, which is my password" which isn't something I like thinking about.
If this doesn't bother a lot of people, that's great! I hope people aren't too worried about losing their stuff, it wouldn't be much fun of being on this website if they're worried about people logining in all the time, right? It's more of "This would be nice to have, I see no reason why we can't have this" kind of suggestion.