I think this is a nice improvement. We might need to make the text a bit more subtle, for projects that have many members without multifactor enabled.
A security concern, though, is that anyone can add anyone else to their project. And then they'd be able to see if the other person has multifactor authe enabled. I don't think we want people to do that. A good solution (although not easy) would be to create an invitation system so that people must accept joining a project. That would be a nice improvement anyway.
So I think we should hold this merge request until we have that done.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think this is a nice improvement. We might need to make the text a bit more subtle, for projects that have many members without multifactor enabled.
A security concern, though, is that anyone can add anyone else to their project. And then they'd be able to see if the other person has multifactor authe enabled. I don't think we want people to do that. A good solution (although not easy) would be to create an invitation system so that people must accept joining a project. That would be a nice improvement anyway.
So I think we should hold this merge request until we have that done.