Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-14 Thread
Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted
two-factor authentication app

I agree there are issues, and the help files would need a lot more
work before a wider roll-out. The current advice[1] is too open ended
and many users randomly searching for two-factor authentication apps
(or browser plug-ins) will end up using Google's, or a supplier with
no track record, or even some other app with commercial adverts.

Open source solutions are around, like Authy[2] (which is what I'm
using). There is nothing to stop the WMF from hosting a build using
current open source code, and even making it available on Google Play,
with the options of customizing it in useful ways later on. For these
reasons I've kicked off the task above for the WMF to consider hosting
an app.

Links:
1. https://meta.wikimedia.org/wiki/Help:Two-factor_authentication
2. https://github.com/authy

On 14 November 2016 at 08:05, Gnangarra <gnanga...@gmail.com> wrote:
> I see this as not solving problems but creating barriers to participation
>
>- one is the complexity of the process
>https://meta.wikimedia.org/wiki/Help:Two-factor_authentication the more
>complicated the systems the more opportunity for failures, more points of
>access where data can be compromised, and the flip side the easier it is
>for people to be locked out,
>- its using 3rd party, no matter how good the system of the third party
>why should I be using anything other than the WMF system to login, my
>connection is with the WMF. Who is responsible if the connection is
>compromised or my data misused by the third party regardless of which third
>party used they need to know your user details to complete the loop in the
>authentication .
>- an authentication app is just inviting people to attempt to compromise
>the account as you have already given them part of the process should you
>lose your device
>
> What I see could be a technical benefit has a dark side that is enabling
> additional parties to monitor our activities even compromise them.  I think
> that "security" card is being played poorly here as anonymity in editing is
> something we have always respected the 3rd party participation in
> authentication appears to be stripping that away.  Google and like minded
> commercial companies only provide these free tools to gather data for their
> own internal uses to enable them to better target the advertising that they
> sell.
>
> On 14 November 2016 at 08:10, Craig Franklin <cfrank...@halonetwork.net>
> wrote:
>
>> This is really excellent.  Thankyou!
>>
>> Cheers,
>> Craig
>>
>> On 13 November 2016 at 01:46, Steinsplitter Wiki <
>> steinsplit...@wikipedia.de
>> > wrote:
>>
>> > https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_
>> > noticeboard#Two-Factor_Authentication_now_available_for_admins
>> >
>> > 
>> > Von: Wikimedia-l <wikimedia-l-boun...@lists.wikimedia.org> im Auftrag
>> von
>> > Amir Ladsgroup <ladsgr...@gmail.com>
>> > Gesendet: Samstag, 12. November 2016 15:37
>> > An: Wikimedia Mailing List
>> > Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be
>> > better?
>> >
>> > Emphasizing on this part of my message: "'Google Authenticator' *or
>> similar
>> > ones.*"

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-13 Thread
Task https://phabricator.wikimedia.org/T150605

I have raised the above task for the WMF to publish an appropriate
summary of the behind the scenes analysis of the recent hack of
accounts and the claimed copying of the English Wikipedia database
(presumably user account tables). The request summary is pasted below
for those that don't want to read the detail, though I recommend that
technically minded volunteers subscribe to it on Phabricator --

"This is a request for a report of the analysis of the OurMine hack to
be published. It is understood that a non-public investigation is
necessary, but it also makes sense to be transparent about events and
as quickly as possible. This will provide an 'official' public
assurance of the steps being taken by the WMF to make the systems more
secure. Volunteers have rapidly responded by promoting two-factor
authentication, as well as working collegiately on guidance for
volunteers. A report of the behind the scenes analysis would aid these
efforts and ensure that if wider changes of passwords or the roll-out
of 2FA to non-sysop accounts makes sense, that these can be discussed
within the community in a positive way. It is likely that volunteer
discussions will continue and this will be reported in the Signpost
next week, so timing a report in the next few days would be helpful in
ensuring factual reporting."

Thanks,
Fae

-- 
fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae

___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread MZMcBride
Fæ wrote:
>Do any of the volunteers contributing to this list have ideas for
>changes that may make a significant difference to security?

When you log in, you're given a user session. This session, along with
local Web browser HTTP cookies, allows you to stay logged in and
authenticated as you browse and edit a wiki. We've previously discussed
the ability for a user to see all of his or her account's active sessions,
similar to what other sites (GitHub, Facebook, Google) already allow.

This type of interface lets a user see his or her own active sessions,
originating IP addresses and User-Agent strings, and sometimes the
interface allows destroying all or some sessions (e.g., if you see a
session from the time you logged in to a friend's computer). This type of
interface can also be used, for better or worse, to track typical behavior
of the user, so that if a user often logs in from a specific IP address
range (e.g., their home computer in the UK), a user session that comes
from a vastly different IP address range (e.g., a mobile device in
Australia) can be flagged and reported to the user. Or, in the case of
two-factor authentication, a "suspicious" login attempt can be required to
go through additional verification. These types of systems are common for
Gmail accounts and some credit card accounts.

Regarding a user seeing a list of his or her own active sessions and
corresponding information, there was, and there likely still is,
considerable opposition to this idea. It's akin to a "self-CheckUser"
feature (which I think we should separately support) and there were
concerns that we would help vandals, sockpuppets, and other bad users.

Some links:

* https://www.mediawiki.org/wiki/?curid=117743
* https://www.mediawiki.org/wiki/?curid=156161
* https://phabricator.wikimedia.org/T387
* https://phabricator.wikimedia.org/T29242

MZMcBride



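As an added illustration of the session interface MZMcBride describes above (example code, not MediaWiki's own): a minimal server-side session registry that stores only a hash of each session token, exposes the "active sessions" view with IP address and User-Agent, lets the user destroy one session or all others, and flags a login whose IP falls outside every range the account has previously been seen from. The class and method names, the /24 and /48 "same range" heuristic, and the RFC 5737 documentation addresses in the walk-through are assumptions for illustration.

```python
from __future__ import annotations

import hashlib
import ipaddress
import secrets
import time
from dataclasses import dataclass

# Added example (not MediaWiki code); names and the range heuristic are assumptions.


@dataclass
class Session:
    token_hash: str        # SHA-256 of the cookie value; the raw token is never stored
    ip: str
    user_agent: str
    created: float
    last_seen: float


class SessionRegistry:
    """Live sessions keyed by the hash of the session token.

    A copied session table therefore holds nothing that can be pasted into a
    cookie; only the client ever has the raw token.
    """

    def __init__(self, v4_prefix: int = 24, v6_prefix: int = 48) -> None:
        self._by_user: dict[str, dict[str, Session]] = {}   # user -> token_hash -> Session
        self._owner: dict[str, str] = {}                     # token_hash -> user
        self._v4_prefix, self._v6_prefix = v4_prefix, v6_prefix

    @staticmethod
    def _hash(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def _range(self, ip: str) -> ipaddress.IPv4Network | ipaddress.IPv6Network:
        addr = ipaddress.ip_address(ip)
        prefix = self._v4_prefix if addr.version == 4 else self._v6_prefix
        return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def is_unfamiliar(self, user: str, ip: str) -> bool:
        """True when the account has sessions and none of them come from this IP range."""
        known = self._by_user.get(user, {})
        if not known:
            return False                # first login: nothing to compare against
        net = self._range(ip)
        return not any(ipaddress.ip_address(s.ip) in net for s in known.values())

    def login(self, user: str, ip: str, user_agent: str,
              now: float | None = None) -> tuple[str, bool]:
        """Open a session; returns (raw token for the cookie, flagged_as_unfamiliar).

        The flag is computed before the new session is recorded, so the caller can
        demand a second factor or notify the user before the session goes live.
        """
        now = time.time() if now is None else now
        flagged = self.is_unfamiliar(user, ip)
        token = secrets.token_urlsafe(32)      # 256 random bits from the OS CSPRNG
        h = self._hash(token)
        self._by_user.setdefault(user, {})[h] = Session(h, ip, user_agent, now, now)
        self._owner[h] = user
        return token, flagged

    def lookup(self, token: str) -> str | None:
        """Resolve a cookie value to its user, or None once revoked."""
        return self._owner.get(self._hash(token))

    def list_sessions(self, user: str) -> list[dict]:
        """The 'active sessions' view: IP, User-Agent, timestamps, no tokens."""
        return [{"id": s.token_hash[:12], "ip": s.ip, "user_agent": s.user_agent,
                 "created": s.created, "last_seen": s.last_seen}
                for s in self._by_user.get(user, {}).values()]

    def revoke(self, user: str, session_id: str) -> bool:
        """Destroy one session chosen from the list above (e.g. the friend's computer)."""
        for h in list(self._by_user.get(user, {})):
            if h.startswith(session_id):
                del self._by_user[user][h]
                del self._owner[h]
                return True
        return False

    def revoke_all_except(self, user: str, keep_token: str) -> int:
        """'Log out everywhere else'; returns how many sessions were destroyed."""
        keep = self._hash(keep_token)
        dropped = [h for h in self._by_user.get(user, {}) if h != keep]
        for h in dropped:
            del self._by_user[user][h]
            del self._owner[h]
        return len(dropped)


def demo() -> dict:
    """Constructed walk-through on RFC 5737 documentation addresses, not real users."""
    reg = SessionRegistry()
    home, f1 = reg.login("alice", "203.0.113.5", "Firefox/50 (Linux)", now=1_478_950_000)
    _, f2 = reg.login("alice", "203.0.113.77", "Firefox/50 (Linux)", now=1_478_953_600)     # same /24
    away, f3 = reg.login("alice", "198.51.100.9", "Mobile Safari (iOS)", now=1_478_957_200)  # new range
    shown = len(reg.list_sessions("alice"))
    dropped = reg.revoke_all_except("alice", home)
    return {"flags": (f1, f2, f3), "shown": shown, "dropped": dropped,
            "home_valid": reg.lookup(home) == "alice", "away_valid": reg.lookup(away) is not None}
```

Two design points. Hashing the token before storage is what makes a leaked or copied session table useless on its own, which matters given the claimed database copy discussed in this thread. The "same range" check is a crude stand-in for the behavioural profiling MZMcBride mentions (real deployments use geolocation, ASN and device history); it does not change the privacy trade-off he raises, since the per-session IP and User-Agent records are exactly the data the "self-CheckUser" concern is about.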


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Dariusz Jemielniak
+1 to what Craig wrote: two-factor authentication, with a key stored in an
authenticator application (which eliminates the problem of revealing the
phone number), would definitely be a great thing - and we could make it
opt-in, except for higher level functionaries.

best,

dariusz

On Sat, Nov 12, 2016 at 7:27 AM, Craig Franklin 
wrote:

> I know it's been said many times, but two-factor authentication, mandatory
> for accounts with advanced privileges and optionally available for everyone
> else, would seem to be a logical step.  It's not foolproof, but it would go
> a long way to making us less of a soft target.
>
> Cheers,
> Craig
>
> On 12 November 2016 at 22:22, Fæ  wrote:
>
> > Do any of the volunteers contributing to this list have ideas for
> > changes that may make a significant difference to security?
> >
> > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> > process appearing to promote an organisation.[1] It was not the only
> > account compromised. This is being analysed, though as there are
> > security issues being examined, the analysis has not been made public
> > so far; plus it's the weekend :-)
> >
> > Over the last few years, there have been improvements on account set-up and
> > choice of passwords, along with user suggestions for better account
> > management. Users can also choose to use committed identities[2] to
> > make account recovery easier, and are encouraged to use more secure
> > passwords. Two-factor authentication,[3] such as using mobile phone
> > text messages, has been suggested a few times by volunteers, and this
> > might be a good moment to encourage the WMF to have better facilities
> > built into the projects. We could even make two-factor identification
> > a requirement for trusted users, such as administrators, important
> > bots, and "high profile" accounts, where they may have special rights
> > that could cause a fair amount of disruption if a hacked account were
> > not identified quickly. Considering that some administrator accounts
> > can lie dormant for many months without the actual user monitoring it,
> > these could end up being far more disruptive than well-watched
> > accounts like Jimmy's.
> >
> > We may want extra security to remain mostly optional, keeping our
> > projects simple to access. Education of new volunteers and trusted
> > users may be critical for making it effective, such as avoiding social
> > hacking. A clearer understanding of what the community would want to
> > see improved would probably help set development priorities.
> >
> > Links
> > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> >
> > Thanks,
> > Fae
> > --
> > fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> >



-- 

__
prof. dr hab. Dariusz Jemielniak
head of the Department of International Management
and the NeRDS research group
Kozminski University (Akademia Leona Koźmińskiego)
http://nerds.kozminski.edu.pl

member of the Academy of Young Scholars of the Polish Academy of Sciences

The world's first ethnography of Wikipedia, "Common Knowledge? An
Ethnography of Wikipedia" (2014, Stanford University Press), which I
wrote, has been published: http://www.sup.org/book.cgi?id=24010

Reviews
Forbes: http://www.forbes.com/fdc/welcome_mjx.shtml
Pacific Standard:
http://www.psmag.com/navigation/books-and-culture/killed-wikipedia-93777/
Motherboard: http://motherboard.vice.com/read/an-ethnography-of-wikipedia
The Wikipedian:
http://thewikipedian.net/2014/10/10/dariusz-jemielniak-common-knowledge


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Yongmin Hong
I believe you can find 2FA applications that aren't affiliated with Google
(actually the Google Authenticator app doesn't require a Google account to be linked.
Tested on iOS and Android.)

Also, some desktop applications (i.e. 1Password*) are 2FA compatible.

* Not Free/Open Source Software.
--
Yongmin H.

Sent from my iPhone
Please note that this address is a list-only address and any non-mailing-list
mail will be treated as spam.
Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a.


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Vi to
Actually I consider to be sensitive the google account linked to my mobile
phone :|

also lots of people might have no compatible devices.

Vito


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Amir Ladsgroup
There is no need to store phone number at all.
You need to install an app called "Google Authenticator" or similar ones.
Then you scan a QR code from a special page in Wikipedia. Then every time
you want to login, you need to give username, password and a short-lived
token the app gives you. See this for more details:
https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html



On Sat, Nov 12, 2016 at 5:38 PM Fæ  wrote:

Good point Vito,

I agree that mobile numbers are personal information. However, my
understanding of the two-factor process would be that it can set up so
that mobile numbers are *guaranteed* to never be logged or archived
and only stored in a constrained way for a verification number to be
issued. There are various ways of getting two-factor processes to
work, so methods that do not rely on mobile numbers may suit
volunteers that are worried about sending their mobile phone number to
any server in the USA, where there are always questions about secret
access and storage for government agencies.

We can require that guarantees are given and transparently assured for
how any personal information like this is handled by WMF implemented
software. It could even be an area that requires legally meaningful
assurance, or local processing to avoid, say, Europeans sending any
personal data to the USA.  ;-)

Fae

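The enrolment and login flow Amir describes above, as an added example that is not the OATHAuth extension's code: the server generates a per-user secret and the otpauth:// string that the QR code encodes, the app derives a six-digit code from that secret and the current 30-second time step (RFC 6238 over RFC 4226), and the server checks the submitted code with one step of clock tolerance, refuses a code that has already been used, and keeps hashed single-use recovery codes for the lost-device case raised later in the thread. Function and class names, the window size and the number of recovery codes are illustrative assumptions; RFC_KEY_B32 is the RFC 6238 test key, included only so the results can be checked against the published vectors.

```python
from __future__ import annotations

import base64
import hashlib
import hmac
import secrets
import struct
import urllib.parse

# Added example (not the OATHAuth extension's code); names and sizes are assumptions.

# RFC 4226 / RFC 6238 test key, base32-encoded, so results can be checked against the RFCs.
RFC_KEY_B32 = base64.b32encode(b"12345678901234567890").decode()


def generate_secret(nbytes: int = 20) -> str:
    """Per-user key, base32 as authenticator apps expect (160 bits to match HMAC-SHA1)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode().rstrip("=")


def provisioning_uri(secret_b32: str, account: str, issuer: str,
                     digits: int = 6, period: int = 30) -> str:
    """What the enrolment QR code encodes. Only the secret travels; no phone number."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({"secret": secret_b32.rstrip("="), "issuer": issuer,
                                    "algorithm": "SHA1", "digits": digits, "period": period})
    return f"otpauth://totp/{label}?{query}"


def _decode_secret(secret_b32: str) -> bytes:
    s = secret_b32.rstrip("=")
    return base64.b32decode(s + "=" * (-len(s) % 8), casefold=True)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamic truncation, mod 10^digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238, the app side: HOTP with counter = floor(unix_time / period)."""
    return hotp(_decode_secret(secret_b32), at // period, digits)


class TotpVerifier:
    """Server side: checks a submitted code, tolerates skew, refuses replays."""

    def __init__(self, secret_b32: str, window: int = 1,
                 period: int = 30, digits: int = 6) -> None:
        self._key = _decode_secret(secret_b32)
        self._window, self._period, self._digits = window, period, digits
        self._last_step = -1              # highest time step that has already logged someone in
        self._recovery_hashes: set[str] = set()

    def verify(self, code: str, at: int) -> bool:
        step_now = at // self._period
        for step in range(max(0, step_now - self._window), step_now + self._window + 1):
            if step <= self._last_step:
                continue                  # that step already authenticated: a sniffed code is dead
            expected = hotp(self._key, step, self._digits).encode()
            if hmac.compare_digest(expected, code.strip().encode()):
                self._last_step = step
                return True
        return False

    def issue_recovery_codes(self, n: int = 5) -> list[str]:
        """Device-loss fallback: shown once at enrolment, kept server-side only as hashes."""
        codes = [secrets.token_hex(5) for _ in range(n)]
        self._recovery_hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
        return codes

    def verify_recovery(self, code: str) -> bool:
        h = hashlib.sha256(code.strip().encode()).hexdigest()
        if h in self._recovery_hashes:
            self._recovery_hashes.discard(h)   # single use
            return True
        return False
```

The secret is shared between server and app, so the server-side copy needs the same protection as a password hash would not give it: it must be stored encrypted or in a separate store, because anyone who reads it can mint valid codes. The replay rule (never accept a time step at or below the last one used) is what stops a code that was phished or shoulder-surfed from being reused within its 30-second life.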

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Vi to
My phone number is something I consider highly sensitive. Linking this kind
of data to my online identity would be an unacceptable risk for me.

Vito

2016-11-12 13:37 GMT+01:00 Amir Ladsgroup :

> As far as I know 2FA is already implemented and mandatory for WMF staff
> accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
>
> I emphasized on having 2fa for CUs, oversights and others with private data
> access: https://phabricator.wikimedia.org/T107605#2570342
> Not sure what's blocking this.
>
> Best
>
> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin 
> wrote:
>
> > I know it's been said many times, but two-factor authentication,
> mandatory
> > for accounts with advanced privileges and optionally available for
> everyone
> > else, would seem to be a logical step.  It's not foolproof, but it would
> go
> > a long way to making us less of a soft target.
> >
> > Cheers,
> > Craig
> >
> > On 12 November 2016 at 22:22, Fæ  wrote:
> >
> > > Do any of the volunteers contributing to this list have ideas for
> > > changes that may make a significant difference to security?
> > >
> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> > > process appearing to promote an organisation.[1] It was not the only
> > > account compromised. This is being analysed, though as there are
> > > security issues being examined, the analysis has not been made public
> > > so far; plus it's the weekend :-)
> > >
> > > Over the last few years, there have improvements on account set-up and
> > > choice of passwords, along with user suggestions for better account
> > > management. Users can also chose to use committed identities[2] to
> > > make account recovery easier, and are encouraged to use more secure
> > > passwords. Two-factor authentication,[3] such as using mobile phone
> > > text messages, has been suggested a few times by volunteers, and this
> > > might be a good moment to encourage the WMF to have better facilities
> > > built into the projects. We could even make two-factor identification
> > > a requirement for trusted users, such as administrators, important
> > > bots, and "high profile" accounts, where they may have special rights
> > > that could cause a fair amount of disruption if a hacked account were
> > > not identified quickly. Considering that some administrator accounts
> > > can lie dormant for many months without the actual user monitoring it,
> > > these could end up being far more disruptive than well-watched
> > > accounts like Jimmy's.
> > >
> > > We may want extra security to remain mostly optional, keeping our
> > > projects simple to access. Education of new volunteers and trusted
> > > users may be critical for making it effective, such as avoiding social
> > > hacking. A clearer understanding of what the community would want to
> > > see improved would probably help set development priorities.
> > >
> > > Links
> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> > >
> > > Thanks,
> > > Fae
> > > --
> > > fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> > >
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 


Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Amir Ladsgroup
As far as I know 2FA is already implemented and mandatory for WMF staff
accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605

I emphasized having 2FA for CUs, oversighters and others with private data
access: https://phabricator.wikimedia.org/T107605#2570342
Not sure what's blocking this.

Best

On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin 
wrote:

> I know it's been said many times, but two-factor authentication, mandatory
> for accounts with advanced privileges and optionally available for everyone
> else, would seem to be a logical step.  It's not foolproof, but it would go
> a long way to making us less of a soft target.
>
> Cheers,
> Craig
>
> On 12 November 2016 at 22:22, Fæ  wrote:
>
> > Do any of the volunteers contributing to this list have ideas for
> > changes that may make a significant difference to security?
> >
> > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> > process appearing to promote an organisation.[1] It was not the only
> > account compromised. This is being analysed, though as there are
> > security issues being examined, the analysis has not been made public
> > so far; plus it's the weekend :-)
> >
> > Over the last few years, there have been improvements on account set-up and
> > choice of passwords, along with user suggestions for better account
> > management. Users can also choose to use committed identities[2] to
> > make account recovery easier, and are encouraged to use more secure
> > passwords. Two-factor authentication,[3] such as using mobile phone
> > text messages, has been suggested a few times by volunteers, and this
> > might be a good moment to encourage the WMF to have better facilities
> > built into the projects. We could even make two-factor identification
> > a requirement for trusted users, such as administrators, important
> > bots, and "high profile" accounts, where they may have special rights
> > that could cause a fair amount of disruption if a hacked account were
> > not identified quickly. Considering that some administrator accounts
> > can lie dormant for many months without the actual user monitoring it,
> > these could end up being far more disruptive than well-watched
> > accounts like Jimmy's.
> >
> > We may want extra security to remain mostly optional, keeping our
> > projects simple to access. Education of new volunteers and trusted
> > users may be critical for making it effective, such as avoiding social
> > hacking. A clearer understanding of what the community would want to
> > see improved would probably help set development priorities.
> >
> > Links
> > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> >
> > Thanks,
> > Fae
> > --
> > fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> >
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, 

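The thread keeps returning to authenticator apps, so here, as an added example that is not part of this thread or of MediaWiki's own code, is the server-side check (RFC 6238 TOTP over RFC 4226 HOTP) that such an app is paired with; the secret is the RFC test value, and the Base32 form of it is constructed for the example.

```python
"""Server-side TOTP verifier (RFC 6238), as an added illustration.
Not Wikimedia/MediaWiki code; the secret below is the RFC test vector."""
import base64
import hashlib
import hmac
import struct

STEP = 30      # time-step in seconds
DIGITS = 6     # code length shown by the app
WINDOW = 1     # tolerate one step of clock drift either side


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, now: int, step: int = STEP) -> str:
    """RFC 6238 TOTP is HOTP with the counter derived from Unix time."""
    return hotp(secret, now // step)


class TotpVerifier:
    """What the login server keeps per account: the shared secret and the
    last time-step that produced a successful login. Comparing in constant
    time and refusing any step at or before the last accepted one means a
    code seen over someone's shoulder cannot be replayed inside its window."""

    def __init__(self, base32_secret: str):
        self.secret = base64.b32decode(base32_secret.upper())
        self.last_used_step = -1

    def verify(self, code: str, now: int) -> bool:
        step_now = now // STEP
        for step in range(step_now - WINDOW, step_now + WINDOW + 1):
            if step <= self.last_used_step:
                continue  # already consumed, or older than the last success
            if hmac.compare_digest(hotp(self.secret, step), code):
                self.last_used_step = step
                return True
        return False


# RFC 6238 Appendix B test secret and its Base32 form (constructed here).
RFC_SECRET = b"12345678901234567890"
RFC_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"
```

The WINDOW and last_used_step pair is where the trade-off lives: a wider window helps users with drifting phone clocks and gives an attacker more valid codes at any instant.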

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Craig Franklin
I know it's been said many times, but two-factor authentication, mandatory
for accounts with advanced privileges and optionally available for everyone
else, would seem to be a logical step.  It's not foolproof, but it would go
a long way to making us less of a soft target.

Cheers,
Craig

On 12 November 2016 at 22:22, Fæ  wrote:

> Do any of the volunteers contributing to this list have ideas for
> changes that may make a significant difference to security?
>
> Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the
> process appearing to promote an organisation.[1] It was not the only
> account compromised. This is being analysed, though as there are
> security issues being examined, the analysis has not been made public
> so far; plus it's the weekend :-)
>
> Over the last few years, there have been improvements on account set-up and
> choice of passwords, along with user suggestions for better account
> management. Users can also choose to use committed identities[2] to
> make account recovery easier, and are encouraged to use more secure
> passwords. Two-factor authentication,[3] such as using mobile phone
> text messages, has been suggested a few times by volunteers, and this
> might be a good moment to encourage the WMF to have better facilities
> built into the projects. We could even make two-factor identification
> a requirement for trusted users, such as administrators, important
> bots, and "high profile" accounts, where they may have special rights
> that could cause a fair amount of disruption if a hacked account were
> not identified quickly. Considering that some administrator accounts
> can lie dormant for many months without the actual user monitoring it,
> these could end up being far more disruptive than well-watched
> accounts like Jimmy's.
>
> We may want extra security to remain mostly optional, keeping our
> projects simple to access. Education of new volunteers and trusted
> users may be critical for making it effective, such as avoiding social
> hacking. A clearer understanding of what the community would want to
> see improved would probably help set development priorities.
>
> Links
> 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
>
> Thanks,
> Fae
> --
> fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae
>
___
Wikimedia-l mailing list, guidelines at: 
https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,