the following changes have been pushed to bugzilla.mozilla.org:
-  add support for 2fa using totp (eg. google authenticator)
-  security bug group moves for new core-security-release group
-  inactive sessions should expire faster (a week)
today’s push lands initial support for two-factor authentication on BMO. we currently support time-based one-time passwords (totp) with protection around just logging in. 2fa protection will be extended to protect other actions in the upcoming weeks.
visit the ‘two-factor authentication‘ section under your user preferences to enable 2fa.
discuss these changes on mozilla.tools.bmo.