On Sun, May 6, 2018 at 11:24 PM Nathan nawrich@gmail.com wrote:
I get hundreds of these a year (my user name, Nathan, seems to be a popular target). It would nice to be able to use some sort of multi-factor authentication, which is actually supported by OAUTH. However, it seems most projects (including en.wp) restrict use to accounts with elevated rights. Can anyone explain why these tools can't be made more widely accessible?
Lack of usability around recovering a lost second factor (and not losing it in the first place) AIUI. Right now only developers can reset the second factor; that does not scale to all Wikimedia editors.