Ah, right, read to fast it seems! Though that still leaves the possibility of software firewalls, but any OOTB ones wouldn’t be doing any packet inspection.

Do you have a firewall? Packet inspection in particular can wreak havoc on speeds.

Tell them to move to yubikey or similar hardware key which is far more secure than any password policy will ever be and vastly more user friendly. Only downside is the intense shame if you manage to lose it.

The key should stick with the user thus not be stored with the computer when not in use. The key isn’t harmless of course but it takes a very deliberate targeting and advance knowledge about what it goes to and how it can be used. It’s also easy to remote revoke. If you’re extra special paranoid you could of course store the key locked at a separate site if you want nuclear codes levels of security.

Gitea is looking into joining ActivityPub as the core framework is called.