If one is in group utmp, one can mess with the login accounting database: the table of currently active logins, the log of log-ons/log-offs, and the table of per-user last logins.
The login accounting system that Linux-based operating systems have inherited from Unix really has never reconciled its initial real-terminal-login-only superuser-managed design with the fact that non-superuser programs that allocate pseudo-terminals (e.g. any local terminal emulator, Neovim, tmux, screen) want to (over)write entries for those pseudo-terminals in the login accounting database to make the output of the "who" command (and its ilk) more complete.
The best approach I've seen was to re-think the idea; have the pseudo-terminal-using programs run entirely unprivileged and use a client-server model where only the server actually has access to the database files.
Laurent Bercot did this. It fixes many holes, including that the log of log-ons/log-offs is made truly append-only (modulo superuser access to the underlying files). But it has the same architectural problem that any client in the group can overwrite any currently active login record if it knows the record ID, which by design (and the Single Unix Specification) there's an API for enumerating.
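An added example, not part of the original comment and not code from any project it mentions: a Python check that a log-on/log-off log has only been appended to since an earlier snapshot, which is the append-only property the comment refers to. It assumes the 384-byte glibc `struct utmp` record layout on x86-64 Linux; the function names and sample records are constructed for illustration.

```python
import hashlib
import struct

# Assumed layout: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
REC = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
USER_PROCESS, DEAD_PROCESS = 7, 8

def pack(ut_type, pid, line, ut_id, user, ts):
    """Build one record; used only for the constructed sample data below."""
    return REC.pack(ut_type, pid, line, ut_id, user, b"", 0, 0, 0, ts, 0, 0, 0, 0, 0)

def parse(data):
    """Decode fixed-size records; a trailing partial record is rejected."""
    if len(data) % REC.size:
        raise ValueError("length is not a multiple of the record size")
    text = lambda b: b.rstrip(b"\0").decode(errors="replace")
    return [{"type": f[0], "pid": f[1], "line": text(f[2]), "id": text(f[3]),
             "user": text(f[4]), "time": f[9]} for f in REC.iter_unpack(data)]

def snapshot(data):
    """Record the log's length and a digest of its contents at this moment."""
    return len(data), hashlib.sha256(data).hexdigest()

def audit(prev, data):
    """Compare the log with an earlier snapshot and return a list of findings."""
    prev_len, prev_digest = prev
    findings = []
    if len(data) < prev_len:  # also happens on log rotation; re-snapshot after it
        findings.append("log shrank")
    elif hashlib.sha256(data[:prev_len]).hexdigest() != prev_digest:
        findings.append("existing records changed")
    last = None
    for i, rec in enumerate(parse(data)):
        if last is not None and rec["time"] < last:  # heuristic: clock steps too
            findings.append(f"record {i}: timestamp goes backwards")
        last = rec["time"]
    return findings

# Constructed sample data, not taken from a real system.
ORIGINAL = (pack(USER_PROCESS, 1201, b"pts/0", b"ts/0", b"alice", 1700000000)
            + pack(USER_PROCESS, 1350, b"pts/1", b"ts/1", b"bob", 1700000100))
APPENDED = ORIGINAL + pack(DEAD_PROCESS, 1350, b"pts/1", b"ts/1", b"", 1700000200)
REWRITTEN = pack(USER_PROCESS, 1201, b"pts/0", b"ts/0", b"carol", 1700000000) \
    + ORIGINAL[REC.size:]

if __name__ == "__main__":
    for name, log in (("appended", APPENDED), ("rewritten", REWRITTEN)):
        print(name, audit(snapshot(ORIGINAL), log))
```

The snapshot is only useful if it is stored where members of the group that can write the log cannot also rewrite the snapshot.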
> The first baby born as a result of a womb transplant was in Sweden in 2014. Since then around 135 such transplants have been carried out in more than a dozen countries, including the US, China, France, Germany, India and Turkey. Around 65 babies have been born.
It's much easier to reason about a child process sending you possibly corrupt objects over a pipe, compared to a child process possibly corrupting shared memory as you are reading it. I've read enough about processor level memory barriers to understand I don't really understand that at all.
I think that 2FA is widely required not to protect users of online services but to protect the services themselves and/or their administrators from a burden of annoying work. Users that create accounts with weak passwords because they don't care about their accounts present a problem for the company behind the service, because their accounts will eventually become used as puppets of spammers etc. By requiring a very complicated login procedure, spammers won't try to hack those unused accounts and exploit them, resulting in less email being sent to abuse@.
And I think that's the most probable reason 2FA is _required_ today on most online services.