[-] Penguincoder@beehaw.org 4 points 1 day ago

People don't generally quit bad jobs, they stick it out for whatever reason. They do quit having a bad boss though.

[-] Penguincoder@beehaw.org 6 points 2 days ago

There's a really nice high level overview of TOTP/MFA by OWASP

They say:

There is no definitive "best way" to do this, and what is appropriate will vary hugely based on the security of the application, and also the level of control over the users. Solutions that work for a corporate application where all the staff know each other are unlikely to be feasible for a publicly available application with thousands of users all over the world. Every recovery method has its own advantages and disadvantages, and these need to be evaluated in the context of the application.

Some suggestions of possible methods include:

  • Providing the user with a number of single-use recovery codes when they first set up MFA.
  • Requiring the user to set up multiple types of MFA (such as a digital certificate, OTP code and phone number for SMS), so that they are unlikely to lose access to all of them at once.
  • Mailing a one-use recovery code (or new hardware token) to the user's registered address.
  • Requiring the user to contact the support team and having a rigorous process in place to verify their identity.
  • Requiring another trusted user to vouch for them.

The most important thing, I think, is that the MFA reset should have a different method and flow than the password reset option. Figure that if an attacker attempts the 'forgot password' method, it's assumed they have access to the user's email. Therefore, you don't want to send a 'reset MFA' in the same manner. The password recovery flow should be separate from the MFA recovery flow, using some form of out-of-band verification such as sending a password reset link within a "forgotten password" email containing a randomly generated and unique token that allows the user to reset the password only. The MFA recovery flow should work in a different manner. If you are offering TOTP only, I suggest having a fallback method in place, such as a list of "backup codes" of valid OTPs that the user needs to keep safe and obtains when first enrolling in MFA, or otherwise an OTP sent via SMS with a short expiration time. Ask for the TOTP while entering a new password. The reset link would be useless for the attacker.
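
As an added example (not code from the comment above or from OWASP), here is how the two flows the comment describes can be kept apart in a small account model, using only the Python standard library: the e-mailed reset token on its own never changes the password, a valid TOTP is required alongside it, and MFA recovery goes through single-use backup codes plus the current password rather than through e-mail. The `Account` class, the 15-minute token lifetime, the eight-code batch and the choice to require the password for MFA recovery are assumptions made for illustration; the OTP routine follows RFC 4226/6238 and can be checked against the SHA-1 test vectors in those RFCs.

```python
# Added example, not the commenter's or OWASP's code: two deliberately separate
# recovery flows.  Account model, token lifetime and code count are assumptions.
import hashlib
import hmac
import secrets
import struct

RESET_TOKEN_TTL = 15 * 60      # assumption: password-reset links live 15 minutes
BACKUP_CODE_COUNT = 8          # assumption: eight single-use codes at enrolment
TOTP_STEP = 30                 # RFC 6238 default time step in seconds


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: int, step: int = TOTP_STEP) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


def verify_totp(secret: bytes, code: str, now: int, window: int = 1) -> bool:
    """Accept the current step plus/minus `window` steps, compared in constant time."""
    if not (code.isascii() and code.isdigit()):
        return False
    return any(hmac.compare_digest(totp(secret, now + i * TOTP_STEP), code)
               for i in range(-window, window + 1))


def hash_password(password: str, salt: bytes = b""):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt; returns (salt, digest)."""
    salt = salt or secrets.token_bytes(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def hash_backup_code(code: str) -> str:
    # Backup codes are random and high-entropy, so plain SHA-256 at rest is adequate.
    return hashlib.sha256(code.replace("-", "").lower().encode()).hexdigest()


class Account:
    """Minimal account record for the example (assumption, not a real schema)."""

    def __init__(self, email: str, password: str):
        self.email = email
        self.salt, self.password_hash = hash_password(password)
        self.totp_secret = secrets.token_bytes(20)   # 160-bit seed for the authenticator
        self.backup_code_hashes = set()              # hashes of unused backup codes
        self.reset_tokens = {}                       # token -> expiry (Unix time)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(hash_password(password, self.salt)[1], self.password_hash)


def enroll_mfa(acct: Account) -> list:
    """Issue fresh backup codes; plaintext is shown once, only hashes are stored."""
    codes = []
    for _ in range(BACKUP_CODE_COUNT):
        raw = secrets.token_hex(4)                   # 32 bits of entropy per code
        codes.append(f"{raw[:4]}-{raw[4:]}")
    acct.backup_code_hashes = {hash_backup_code(c) for c in codes}
    return codes


# --- Flow 1: forgotten password.  The e-mailed token proves mailbox control only. ---
def request_password_reset(acct: Account, now: int) -> str:
    token = secrets.token_urlsafe(32)
    acct.reset_tokens[token] = now + RESET_TOKEN_TTL
    return token                                     # would be sent in the reset e-mail


def complete_password_reset(acct: Account, token: str, second_factor: str,
                            new_password: str, now: int) -> bool:
    expiry = acct.reset_tokens.pop(token, None)      # single use: consumed even on failure
    if expiry is None or now > expiry:
        return False
    # The link alone never resets anything: the TOTP is demanded on the same form,
    # so a stolen mailbox does not yield the account.
    if not verify_totp(acct.totp_secret, second_factor, now):
        return False
    acct.salt, acct.password_hash = hash_password(new_password)
    return True


# --- Flow 2: lost authenticator.  Not reachable from the e-mail link at all. ---
def recover_mfa_with_backup_code(acct: Account, password: str, code: str) -> bool:
    if not acct.check_password(password):            # something you know ...
        return False
    digest = hash_backup_code(code)
    if digest not in acct.backup_code_hashes:        # ... plus a code issued at enrolment
        return False
    acct.backup_code_hashes.discard(digest)          # burn it so it cannot be replayed
    acct.totp_secret = secrets.token_bytes(20)       # rotate: the user re-enrols a device
    return True
```

Note that `complete_password_reset` pops the token before any other check, so a guessed or replayed link is dead after one attempt, and the expiry check runs before the TOTP check so an expired link cannot be used to probe codes.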

[-] Penguincoder@beehaw.org 4 points 5 days ago

Unnecessary. It's a damn text editor. Leave it simple.

[-] Penguincoder@beehaw.org 5 points 5 days ago

Add it to the list of illegal shit his administration has been doing.

[-] Penguincoder@beehaw.org 15 points 5 days ago* (last edited 5 days ago)

A computer (AI) can never be held accountable. Therefore, a computer (AI) must never make any human decision.

[-] Penguincoder@beehaw.org 4 points 6 days ago

And yet the prices for consumers will not reflect such. MOAR PROFITS! YAY.

[-] Penguincoder@beehaw.org 8 points 6 days ago* (last edited 6 days ago)

“I wanted to be a good boy,” Trump said, describing his relative restraint

AAHahahahaaaaaaaaaahhaaaaaaaaaaaaa. Oh, what a POS.

4
19
submitted 2 weeks ago by Penguincoder@beehaw.org to c/chat@beehaw.org

Let's hear your wins and whines!

19
submitted 1 month ago* (last edited 1 month ago) by Penguincoder@beehaw.org to c/chat@beehaw.org

Pinch-hitting for Alyaza; no book club this week but how about a selection of music?

Amaranth

4
submitted 1 month ago by Penguincoder@beehaw.org to c/music@beehaw.org
15

A full-featured web browser for the terminal using Chromium (CEF) and libsixel for graphics rendering.

4
Lua 5.5 Released (www.lua.org)
submitted 2 months ago by Penguincoder@beehaw.org to c/lua@sopuli.xyz

Newest release! So many programs are on 5.1 still, but 5.5 brings some awesome changes.

1
submitted 2 months ago by Penguincoder@beehaw.org to c/music@beehaw.org
2
Lua Tips and Tricks (2024) (blogsite-sand.vercel.app)
submitted 3 months ago by Penguincoder@beehaw.org to c/lua@sopuli.xyz
4
submitted 4 months ago by Penguincoder@beehaw.org to c/lua@sopuli.xyz
3
submitted 4 months ago by Penguincoder@beehaw.org to c/lua@sopuli.xyz
4
submitted 5 months ago by Penguincoder@beehaw.org to c/music@beehaw.org
6
submitted 6 months ago by Penguincoder@beehaw.org to c/music@beehaw.org
[-] Penguincoder@beehaw.org 76 points 2 years ago

Well that's certainly a war crime. Wonder if the rest of the world will look the other way on this too.

[-] Penguincoder@beehaw.org 235 points 2 years ago

Hey man why you talking bout me....

J/K. Thank you for the kind words. I really am happy to be able to help out here for a lot of reasons. I understand the risk, heavily, but I appreciate the trust you and the other admins have placed in me. I hoped I have shown it to be a correct decision. I want to do my best for Beehaw and what is the best. I won't say everything I do is right or the correct thing, but I normally have a reason for it.

Thank you kindly; genuinely happy to help and want to keep doing so.

[-] Penguincoder@beehaw.org 82 points 2 years ago* (last edited 2 years ago)

WOW.

I can't speak for the other admins; but this part:

Beehaw admins look out for us by cutting off instances

Isn't really a matter of us looking out for anyone else, except Beehaw really. It's us not wanting to deal with that crap and what it involves, either. Literally be nice. They weren't being nice, they don't fit the ethos here.


Penguincoder

0 post score
0 comment score
joined 4 years ago