On Thu, Jun 11, 2026 at 11:05 AM Daniel P. Berrangé <[email protected]> wrote:
>
> IMHO it is not a good look that Fedora continues to allow passwords
> alone, given we know we are a high value target, and the consequences
> can be potentially far reaching. 2FA isn't a magic solution to all
> threats, but continuing to allow passwords alone makes compromising
> account credentials too easy.

Don't forget that the actions here happened on Bugzilla, which uses a
separate account, and is not necessarily connected to people's FAS
accounts (and on GitHub, also not FAS related). I'm not sure that the
"classic" bugzilla login supports 2FA *at all* (while FAS does at
least to some degree).

Fabio
-- 
_______________________________________________
devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: 
https://forge.fedoraproject.org/infra/tickets/issues/new

Reply via email to