To manage it, probably that or IP restrictions. I assume team dang has IP/CIDR restrictions set on their authorized_keys in sshd.
For the rest of us, probably just simple / basic password complexity and some attempt at detecting brute force if that is not already a thing. My personal preference for any site would be to also have an option for cidr/IP approve-list.
Never. 2FA is a suicide pact for any online service if it doesn't have high touch customer service like a bank. A certain fraction of users will be locked out without recourse each month and the user base will decay like a radioisotope. Every time a service requires 2FA I rethink if I want to stay with it.
5 comments
[ 4.9 ms ] story [ 20.6 ms ] threadFor the rest of us, probably just simple / basic password complexity and some attempt at detecting brute force if that is not already a thing. My personal preference for any site would be to also have an option for cidr/IP approve-list.