This is a tricky one for me, and from what I can see... others too.
My initial reaction (and what I feel is common for others) was that this is overzealous -- 2FA is something everyone should already be doing.
It's somewhat like being upset that your poor hygiene came up while donating your time to the local soup kitchen. Your acts are good, but perhaps you shouldn't be handling/dispensing food.
I totally understand the fears of centralized power for these indexes. I think others (like myself) are just getting hung up on what lead to this consideration
There's something interesting with their picking and choosing of who gets policies, but in this case... it's fine in my opinion.
The most downloaded packages have the largest blast area, this might stop some explosions - so it's worth it [if you care about your users].
My initial reaction (and what I feel is common for others) was that this is overzealous -- 2FA is something everyone should already be doing.
It's somewhat like being upset that your poor hygiene came up while donating your time to the local soup kitchen. Your acts are good, but perhaps you shouldn't be handling/dispensing food.
I totally understand the fears of centralized power for these indexes. I think others (like myself) are just getting hung up on what lead to this consideration
There's something interesting with their picking and choosing of who gets policies, but in this case... it's fine in my opinion.
The most downloaded packages have the largest blast area, this might stop some explosions - so it's worth it [if you care about your users].