noticeboard#Two-Factor_Authentication_now_available_for_admins
>> >
>> >
>> > Von: Wikimedia-l <wikimedia-l-boun...@lists.wikimedia.org> im Auftrag
>> von
>> > Amir Ladsgroup <ladsgr...@gmail.com>
>> > Ges
Task https://phabricator.wikimedia.org/T150605
I have raised the above task for the WMF to publish an appropriate
summary of the behind the scenes analysis of the recent hack of
accounts and the claimed copying of the English Wikipedia database
(presumably user account tables). The request
Fæ wrote:
>Do any of the volunteers contributing to this list have ideas for
>changes that may make a significant difference to security?
When you log in, you're given a user session. This session, along with
local Web browser HTTP cookies, allows you to stay logged in and
authenticated as you
+1 to what Craig wrote: two-factor authentication, with a key stored in an
authenticator application (which eliminates the problem of revealing the
phone number), would definitely be a great thing - and we could make it
opt-in, except for higher level functionaries.
best,
dariusz
On Sat, Nov
I believe you can find some 2FA application that isn't affiliated with Google
(actually Google Authenticatir app doesn't require Google account to be linked.
Tested on iOS and Android.)
Also, some desktop application (ie. 1password*) is 2FA compatible.
* Not Free/Open Source Software.
--
Actually I consider to be sensitive the google account linked to my mobile
phone :|
also lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup :
> There is no need to store phone number at all.
> You need to install an app called
There is no need to store phone number at all.
You need to install an app called "Google Authenticator" or similar ones.
Then you scan a QR code from a special page in Wikipedia. Then every time
you want to login, you need to give username, password and a short-lived
token the app gives you. See
My phone number is something I consider highly sensitive. Linking this kind
of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup :
> As far as I know 2FA is already implemented and mandatory for WMF staff
>
As far as I know 2FA is already implemented and mandatory for WMF staff
accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
I emphasized on having 2fa for CUs, oversights and others with private data
access: https://phabricator.wikimedia.org/T107605#2570342
Not sure what's
I know it's been said many times, but two-factor authentication, mandatory
for accounts with advanced privileges and optionally available for everyone
else, would seem to be a logical step. It's not foolproof, but it would go
a long way to making us less of a soft target.
Cheers,
Craig
On 12
10 matches
Mail list logo