I don’t think so. Enforcing two-factor auth to be allowed to do certain things with an account just makes sense. It’s definitely not an attempt to squeeze profit out of users per se, but rather an attempt to limit liability and the risk of costly support problems caused by passwords being compromised.
I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.
It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.
I don’t think so. Enforcing two-factor auth to be allowed to do certain things with an account just makes sense. It’s definitely not an attempt to squeeze profit out of users per se, but rather an attempt to limit liability and the risk of costly support problems caused by passwords being compromised.
I think it’s even more important with contributors of large projects and libraries used by a vast amount of software out there.
It’s not inconceivable that someone’s account gets hijacked, and someone uses their trusted account to add a small snippet of malicious code in a commit, enabling a supply-chain attack.