Gitlab update, 2FA now mandatory
kevin.kofler at chello.at
Tue Oct 25 03:24:12 BST 2022
Ingo Klöcker wrote:
> You are the only person in this thread (on kde-core-devel) who has voiced
> their disagreement with using 2FA and who demand its immediate
> deactivation. Why do you think a single person (you) who isn't tasked with
> keeping our infrastructure and the data stored thereon secure should be
> able to decide this?
To be honest, I am genuinely surprised that there are not more complaints
about that. I would have expected lots more. (On kde-community, there are a
few posts by Christoph Cullmann worrying about the impact on new
contributors, but even he does not seem to be opposed to 2FA for KDE
developers. Other than that, I do not see any kind of criticism either.)
Unfortunately, it seems that people have learned to put up with pretty much
any annoyance in the name of "security". (I blame airport "security".)
> I for one applaud the requirement to use 2FA on invent. I would love to
> see this on more websites.
That just confirms that this is NOT actually an "industry standard best
practice" as Ben Cooksley is claiming, but a completely non-standard PITA
that only a handful websites dare imposing on their users. (Invent is the
ONLY website that I use that requires this. Note that I do not use online
banking, and the ever-increasing security theater banks are imposing is the
main reason why. There is a reason mandatory 2FA has not caught on outside
of the banking sector.)
A lot of websites allow users to opt into 2FA (letting the security nerds
have their toy to play around with without bothering the rest of the world),
but forcing it down our throat is a wholely different matter.
> And, for what it's worth, since invent keeps personal information and
> since the GDPR requires using state-of-the-art technology to protect
> personal information, using 2FA is, in my opinion (but I'm not a lawyer),
> a must for any website that stores personal information.
See above, almost nobody else does this, so that interpretation of the GDPR
is pure nonsense.
More information about the kde-core-devel