Hi,

Could the 2FA stuff perhaps be limited to people with developer role
or such?

It is technically possible to only apply the mandatory 2FA rules to
only certain groups as Developer accounts are simply membership in
teams/kde-developers.
See
https://docs.gitlab.com/ee/security/two_factor_authentication.html#enforce-2fa-for-all-users-in-a-group
for the documentation on this.

Given that we are using Invent for authenticating our various other
services and the users of those aren't necessarily developers (while
still having access to sensitive information) it seemed more prudent
to enforce 2FA for everyone to ensure all our systems have a minimum
baseline of industry best practice protection in place.

This also avoids any issue when people are granted a developer account
and suddenly find themselves subject to a new requirement.

I think it is rather worse that now first time contributors have this requirement.

A lot of people already complain "why can I not just use my GitHub account",
now they need to set up this in addition.

And yes, besides invent.kde.org, I never needed to use my Google Auth
App except for some hosting.

All other things I use that have 2FA use different methods that don't need
any such app on my phone.

Therefore that is more than just 2 clicks for a lot of people.

Greetings
Christoph

--
Ignorance is bliss...
https://cullmann.io | https://kate-editor.org
