Remove 2FA requirement for users only reporting bugs.

Remove 2FA requirement for users only reporting bugs. That is just unnecessary bureaucracy. Divide users into different groups and adapt the login requirements to what is sensible for those groups.

What is the worst thing that can happen if a user that never touches the code has her/his account hacked?

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information