On 4/25/20 11:14 PM, Bernd Zeimetz wrote: > Actually I think 2FA should be enforced for everybody. > Even debian.org related passwords might get lost. I use strong password, stored with keepassxc, with the password db encrypted using the HMAC of my yubikey. In what way is this not safe enough already? 2FA will add nothing in my case, just more annoyance. Cheers, Thomas Goirand (zigo)