5 comments

[ 4.9 ms ] story [ 20.6 ms ] thread
To manage it, probably that or IP restrictions. I assume team dang has IP/CIDR restrictions set on their authorized_keys in sshd.

For the rest of us, probably just simple / basic password complexity and some attempt at detecting brute force if that is not already a thing. My personal preference for any site would be to also have an option for cidr/IP approve-list.

Never. 2FA is a suicide pact for any online service if it doesn't have high touch customer service like a bank. A certain fraction of users will be locked out without recourse each month and the user base will decay like a radioisotope. Every time a service requires 2FA I rethink if I want to stay with it.
Dont exactly see the appeal of what someone with my login credentials would do on HN.
I prefer to just keep my password secure.