Enforce/Require 2FA on GitLab
To enhance security on GitLab, we should require 2FA. Right now, 2FA is optional.
GitLab can use a TOTP for its 2FA, for which apps are widely available.
Let's communicate to the community that we'd like to do this effective Saturday, Oct 1 2022.
More info on TOTP, from Mikael's message below:
TOTP does not require a physical key. It can be, but it's not mandatory.
The second factor can be time-based one-time passwords (TOTP). This requires the storage of a seed in an app (often a mobile app), but some password managers like Bitwarden, 1Password, or Dashlane also support it. There are also command line applications that are able to generate those TOTP:
- https://www.nongnu.org/oath-toolkit/oathtool.1.html
- https://github.com/WhyNotHugo/totp-cli
- https://github.com/yitsushi/totp-cli
If you want to use a physical key, you just need to ensure that it's compatible with the WebAuthn (aka FIDO2) protocol. There are many available options on the market for compatible keys. I can personally recommend the SoloKeys (https://solokeys.com), a product built with open source hardware and software.
Nothing special is required from EGit (or git CLI): git+ssh works as is, and for git+https you need to use a personal access token rather than your account password.