Gitlab update, 2FA now mandatory
Christoph Cullmann (cullmann.io)
christoph at cullmann.io
Mon Oct 24 08:19:49 BST 2022
Hi,
>> Could the 2FA stuff perhaps be limited to people with developer role
>> or such?
>
> It is technically possible to only apply the mandatory 2FA rules to
> only certain groups as Developer accounts are simply membership in
> teams/kde-developers.
> See
> https://docs.gitlab.com/ee/security/two_factor_authentication.html#enforce-2fa-for-all-users-in-a-group
> for the documentation on this.
>
> Given that we are using Invent for authenticating our various other
> services and the users of those aren't necessarily developers (while
> still having access to sensitive information) it seemed more prudent
> to enforce 2FA for everyone to ensure all our systems have a minimum
> baseline of industry best practice protection in place.
>
> This also avoids any issue when people are granted a developer account
> and suddenly find themselves subject to a new requirement.
I think it is rather worse that now first-time contributors have this
requirement.
A lot of people already complain "why can I not just use my GitHub
account", now they need to set up this in addition.
And yes, besides invent.kde.org, I never needed to use my Google Auth
App, besides some hosting.
All other things I use that have 2FA use different methods that don't
need any such app on my phone.
Therefore that is more than just 2 clicks for a lot of people.
Greetings
Christoph
--
Ignorance is bliss...
https://cullmann.io | https://kate-editor.org
More information about the kde-community mailing list