Global JS editing is as dangerous as you can get; it should require reauthentication like password changes and such. (Although possibly with a significantly longer timeout as editing a page might take long.)
The kind of POST stashing done by FormSpecialPage probably would not work so well (as the edit interface might be JS-based); maybe a mechanism similar to session timeouts could be used instead.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Open | None | T197160 All security-sensitive MediaWiki functionality should require elevated security | |||
| Open | None | T197137 Editing sitewide JS/CSS pages should require elevated security |
For what is worth, someone at WMF seems to have decided to start enforcing 2FA for this. Last week, WMFOffice started mailing that 2FA MUST be enabled, and threatening with removing administrator access after November 24th.
I replied a few days ago explaining my concerns and that it didn't seem the right measure but did not heard back.
This task is about requiring 2FA before making JS edits, not requiring 2FA on login (and needs more technical work before it is feasible, if at all wanted). Requiring 2FA on login for certain user groups is T150898: Force OATHAuth (2FA) for certain user groups in Wikimedia production (although it focuses on the technical side and has no mention of administrators, but still a better place to discuss your concerns).
Well, requiring 2FA just for making JS edits seems a solution more suited to the problem. I was reporting that it was being to tackled that other way. Sorry if I was a bit ranty.