Thanks for reaching out and providing that feedback. We’ll work on getting these gaps filled in our Help Docs.
Enabling 2FA should not cause you to have to log out and back in more than you currently do. Since the Canary app remains logged in when running in the background, it will not require 2FA when you want to open it. It will only require the 2FA check when logging in on a new device, or if you were logged out on your existing device.
If you do need to disable 2FA, you can also do so via the mobile app. It just requires another 2FA check to disable.
The FaceID works a bit differently. This one is more like a passcode for opening the Canary app. Each time you want to access the Canary app you would need to also authenticate via the FaceID feature if enabled. This is designed to help prevent someone from being able to open the Canary app if they get physical access to your phone.
Hope this helps! Please don’t hesitate to let me know if you have any additional questions, or if there is anything else we can assist with!