On Wed, Aug 24, 2022 at 09:51:40PM +0200, Bastian Blank wrote: > On Tue, Aug 23, 2022 at 10:55:27PM -0700, Ross Vandegrift wrote: > > On Fri, Aug 12, 2022 at 05:37:33PM +0100, Marcin Kulisz wrote: > > > My take on the latter would be that one of the delegates if we'd have a > > > chair > > > would be holding MFA to this account and this would be passed along this > > > line to > > > the next one and it should be an obligation of the chair to do it be. > > > I would nominate Ross as the person usually charring our meetings. > > > Any other ideas or suggestions how to do it? > > Bastian suggested storing it in the password repo [1]. I like that since it > > supports providing access to multiple people via their gpg keys. I don't > > quite > > understand how to use pwstore, but the idea seems simple enough. > > The main problem with that is for now: we don't have control over the > phone number associated with our accounts. This means we can't recover > from broken MFA without help of the support. > > As I said in the last meeting, I don't know a useful way to rectify > that missing access to a shared phone number.
Right - sorry, I was assuming that 1) we probably won't be able to solve the phone number issue and 2) still wanted MFA on the root accounts. > Because none of the new accounts have MFA enabled, maybe it is okay to > just transfer the account without it as well. Yea, this might be the best option to avoid the lockout issue. Ross
