Today I’m pleased to announce support for Authentication Assurance Levels on Discourse.
This is the culmination of months of work from many people across the #iam team, and the wider effort can be read about here:
From today on Discourse, the vast majority of our users - those who aren’t Mozilla staff or NDA contributors - will be able to log in with any authentication system tied to their primary email address.
These users will no longer face error messages telling them their authentication method isn’t secure enough and that they must log in with another method, or enable MFA on their account, to be able to log in.
Mozilla staff and NDA contributors are still required to log in with a more secure authentication method. Over the coming weeks we’ll be working to improve the error messages they see, and in certain cases allow temporary access with a less secure authentication method.