On Sun, May 6, 2018 at 11:24 PM Nathan <nawrich(a)gmail.com> wrote:
I get hundreds of these a year (my user name, Nathan,
seems to be a popular
target). It would nice to be able to use some sort of multi-factor
authentication, which is actually supported by OAUTH. However, it seems
most projects (including en.wp) restrict use to accounts with elevated
rights. Can anyone explain why these tools can't be made more widely
accessible?
Lack of usability around recovering a lost second factor (and not losing it
in the first place) AIUI. Right now only developers can reset the second
factor; that does not scale to all Wikimedia editors.