[LinuxBender]

I would honestly expect the HN crowd to be using long complex passwords. That's probably sufficient for this type of site. I guess only dang could say if HN has been having challenges with account take-overs. I never hear about it. I would not mind having the option to restrict my login to a CIDR block however. I am personally not a fan of adding third party authentication unless it is entirely self hosted and the code is reviewed by teams like NCC.

For banks and some DNS registrars I use IP restrictions in addition to whatever 2FA usually SMS they support along with challenge questions. Additionally for banks I make most of my accounts read-only from the internet. IP restrictions are a feature their support team dislike as many people think they have a static IP when they do not.