The UX of 2FA could be improved considerably, and security along with it, by using a circles-of-trust model.

Take the example of a code forge hosting the canonical version of some crucial piece of kit like the Linux kernel, OpenSSL, or GnuPG. You would want a maintainer to be fully authenticated before they can commit changes to those repositories. Basic security culture.

But ...

(1/2)

Would it still be important to authenticate them before performing a community mod action? Yes, but the stakes of making a mistake there are much lower, and usually reversible. For posting an issue, the only reason to authenticate is to prevent spam and other low-effort nuisance.

The UX implication is that it's perfectly secure to let anyone with a known email address post an issue, and to ask them for further proof of identity before they do anything that requires a higher level of trust.

(2/2)
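The tiered model described in the thread, as an added example (not the author's code): each action carries a required assurance level, a session carries the level it has proven, and an elevated level obtained by step-up authentication expires after a short window. The action names, levels and the 15-minute window are assumptions for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional, Tuple
import time

class Assurance(IntEnum):
    """Ordered identity-assurance levels; higher means more proof of identity."""
    ANONYMOUS = 0
    EMAIL_VERIFIED = 1   # clicked a link sent to a known address
    PASSWORD = 2         # logged in with a password
    SECOND_FACTOR = 3    # password plus a second factor (TOTP, WebAuthn, ...)

# Required assurance per action, set by the stakes and reversibility of a mistake
# (assumed action names; a real forge would have many more).
REQUIRED = {
    "post_issue":   Assurance.EMAIL_VERIFIED,
    "moderate":     Assurance.PASSWORD,
    "push_to_main": Assurance.SECOND_FACTOR,
}

STEP_UP_TTL = 15 * 60  # seconds an elevated level stays valid ("sudo mode"), assumed

@dataclass
class Session:
    base_level: Assurance
    # (level, expiry time) of the most recent step-up, if any
    elevated: Optional[Tuple[Assurance, float]] = None

    def current_level(self, now: float) -> Assurance:
        """Effective level: the step-up counts only until it expires."""
        if self.elevated and now < self.elevated[1]:
            return max(self.base_level, self.elevated[0])
        return self.base_level

    def step_up(self, level: Assurance, now: float) -> None:
        """Record a successful step-up (e.g. a second factor just verified)."""
        self.elevated = (level, now + STEP_UP_TTL)

def authorize(session: Session, action: str, now: Optional[float] = None) -> str:
    """Return 'allow' if the session meets the action's required assurance,
    'step_up:<LEVEL>' naming the level still to be proven, or 'deny' for an
    action the policy does not know (fail closed)."""
    now = time.time() if now is None else now
    needed = REQUIRED.get(action)
    if needed is None:
        return "deny"
    if session.current_level(now) >= needed:
        return "allow"
    return f"step_up:{needed.name}"
```

Because the step-up expires, a maintainer who proved a second factor to push is back at their base level for the next high-stakes action once the window closes, while low-stakes actions never prompt at all.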