the following changes have been pushed to bugzilla.mozilla.org:
-  add support for 2fa using totp (eg. google authenticator)
-  security bug group moves for new core-security-release group
-  inactive sessions should expire faster (a week)
visit the ‘two-factor authentication‘ section under your user preferences to enable 2fa.
discuss these changes on mozilla.tools.bmo.