[agildehaus]

Mandated 2FA should really be a thing, especially on tech-oriented sites with such importance.

[smudgymcscmudge]

Both GitLab and GitHub allow organizations to require members to use 2fa. So the option is there.

[ssnistfajen]

Someone I know had one of their private repos on GitHub replaced despite having 2FA enabled so it may have been from a leaked personal access token somewhere. What's odd was that this user has push access to multiple active private repos yet only one was hit with the ransom.

[jaden]

I agree, but read that at least one of the users had 2FA enabled and still lost their repos. They said they received no notification emails either.