Ingo Klöcker wrote: > You are the only person in this thread (on kde-core-devel) who has voiced > their disagreement with using 2FA and who demand its immediate > deactivation. Why do you think a single person (you) who isn't tasked with > keeping our infrastructure and the data stored thereon secure should be > able to decide this?
To be honest, I am genuinely surprised that there are not more complaints about that. I would have expected lots more. (On kde-community, there are a few posts by Christoph Cullmann worrying about the impact on new contributors, but even he does not seem to be opposed to 2FA for KDE developers. Other than that, I do not see any kind of criticism either.) Unfortunately, it seems that people have learned to put up with pretty much any annoyance in the name of "security". (I blame airport "security".) > I for one applaud the requirement to use 2FA on invent. I would love to > see this on more websites. That just confirms that this is NOT actually an "industry standard best practice" as Ben Cooksley is claiming, but a completely non-standard PITA that only a handful websites dare imposing on their users. (Invent is the ONLY website that I use that requires this. Note that I do not use online banking, and the ever-increasing security theater banks are imposing is the main reason why. There is a reason mandatory 2FA has not caught on outside of the banking sector.) A lot of websites allow users to opt into 2FA (letting the security nerds have their toy to play around with without bothering the rest of the world), but forcing it down our throat is a wholely different matter. > And, for what it's worth, since invent keeps personal information and > since the GDPR requires using state-of-the-art technology to protect > personal information, using 2FA is, in my opinion (but I'm not a lawyer), > a must for any website that stores personal information. See above, almost nobody else does this, so that interpretation of the GDPR is pure nonsense. Kevin Kofler