Audit show 2FA for drupal.org - It is wrong

[PepeCZ]

Hi, Enpass in Audit showing that website drupal.org support 2FA. But it is wrong.

I have over 7 years account on website drupal.org and when you are normal standart user, so you cannot create 2FA login for this website.

On oficial drupal.org website is it wrote too. First, is it here wrote that all info about 2FA is outdate. And second, normal standart account what is not verificate via drupal cannot secure account with 2FA.

Only people what own verificate account and create some posts etc can secure account with 2FA.

So for example I, what use website drupal.org only for forum discusions and downloading new version CMS, cannot secure drupal.org account with 2FA because I an not creator some plugin etc (so I cannot have verificated account which support 2fa), but Enpass still showing me that I miss one avaible 2FA. :-/

 

On drupal website exists only plugins for 2FA for download as additional plugin for websites builded on CMS Drupal.

Someone in Enpass team can try it, create test account on drupal.org, and you will see that website drupal.org cannot secure via 2FA. Please fix it in next Enpass version.

 

https://www.drupal.org/drupalorg/docs/user-accounts/setting-up-two-factor-authentication

Last updated on 7 October 2019

This documentation is out of date.

Edited January 14, 2021 by PepeCZ

[Garima Singh]

Hey @PepeCZ

Thanks for your valuable input. Enpass has no way to verify if a user is verified on Drupal.org or not. We think complete removal of Drupal.org from 2fa supported websites requires more compelling case. For now, you can click "Don't save" button and it will disappear for you.