Enforce/Require 2FA on GitLab
To enhance security on GitLab, we should require 2FA. Right now, 2FA is optional.
GitLab can use a TOTP for its 2FA, for which apps are widely available.
Let's communicate to the community that we'd like to do this effective Saturday, Oct 1 2022.
More info on TOTP, from Mikael's message below:
TOTP does not require a physical key. It can be, but it's not mandatory.
The second factor can be time-based, one-time passwords (TOTP). This require the storage of a seed in a app (often a mobile app), but some password managers like Bitwarden, 1password, or Dashlane also support it. There are also command line application that are able to generate those TOTP:
If you want to use a physical key, you just need to ensure that it's compatible with the WebAuthn (aka FIDO2) protocol. There are many available options on the market for compatible keys. I can personnaly recommend the SoloKeys (https://solokeys.com), a product built with open source hardware and software.
Nothing special is required from EGit (or git CLI): git+ssh works as is, and for git+https you need to use a personal access token rather than your account password.