Comment by LinuxBender
20 hours ago
Also, that does not improve the security that much, especially if the IP address is later reused for something else.
Hard disagree. That's one person out of the billions that is your potential adversary and highly unlikely at that. It is highly improbable that person will either know they have your old IP or that they would be a risk. Even limiting login to an ASN# or large CIDR block is monumentally better than allowing the entire internet to brute force one's account.
As an example I have a few services that I do not really care about but I still limit logins to the CIDR of my ISP. That means most of my country and all of the other countries can bang away or pound sand all day and night for millions of years and they will get nowhere.
OK, although there is still the issue of losing the IP address that you have (in many ways), whether or not someone else now has that address.
(I think X.509 client certificates would work better. The private key can optionally be passworded, which makes something like a kind of better 2FA than the existing one. But, like I also mentioned, authenticating with the server is not the only issue; there is also the issue of authenticating with other users, and signed commits and signed releases will be helpful for that.)
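The CIDR restriction discussed in the thread above, sketched as an added example that is not code from either commenter. The networks are constructed documentation ranges standing in for an ISP's block, and the function names are hypothetical.

```python
import ipaddress

# Constructed allowlist: documentation ranges standing in for "the CIDR of my ISP".
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("2001:db8:1200::/40"),
]


def normalize(peer: str):
    """Parse the peer address; return None if it is not a valid IP.

    Pass the address taken from the accepted socket. A client-supplied
    header such as X-Forwarded-For is only usable behind a trusted proxy.
    """
    try:
        addr = ipaddress.ip_address(peer.strip())
    except ValueError:
        return None
    # A dual-stack listener reports IPv4 clients as ::ffff:a.b.c.d.
    # Unwrap it so the IPv4 allowlist entries still apply.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def login_allowed(peer: str, networks=ALLOWED_NETWORKS) -> bool:
    """Fail closed: anything unparseable or outside the list is rejected."""
    addr = normalize(peer)
    if addr is None:
        return False
    return any(addr.version == net.version and addr in net for net in networks)


if __name__ == "__main__":
    # Constructed sample peers.
    for peer in ["203.0.113.77", "::ffff:203.0.113.77", "198.51.100.9",
                 "2001:db8:12ff::1", "not-an-ip"]:
        print(f"{peer:24} allowed={login_allowed(peer)}")
```

If the ISP reassigns the address outside these ranges, the check rejects the legitimate user as well, which is the lockout concern raised in the reply.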