Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Amir Ladsgroup
There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to login, you need to give username, password and a short-lived token the app gives you. See

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Yongmin Hong
I believe you can find some 2FA application that isn't affiliated with Google (actually Google Authenticator app doesn't require Google account to be linked. Tested on iOS and Android.) Also, some desktop application (i.e. 1password*) is 2FA compatible. * Not Free/Open Source Software. --

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Dariusz Jemielniak
+1 to what Craig wrote: two-factor authentication, with a key stored in an authenticator application (which eliminates the problem of revealing the phone number), would definitely be a great thing - and we could make it opt-in, except for higher level functionaries. best, dariusz On Sat, Nov

Re: [Wikimedia-l] Editor safety and anonymity: ending IP address exposure?

2016-11-12 Thread Pete Forsyth
A fully enumerated list of "cons" would be an important place to start. Wikimedians and WMF have long promoted the existence of stuff like the "Congress edits" Twitter account, which reports account-less edits from Capitol Hill. We often block high school IP addresses at certain times in the

Re: [Wikimedia-l] Editor safety and anonymity: ending IP address exposure?

2016-11-12 Thread Vi to
Honestly I cannot find pros since it's a free choice to edit without logging, so it's not up to me to find them :D if it would depend solely on me this thread would even exist ;) Meanwhile I weigh in the biggest con: the inability to use rangeblocks and an unacceptable weakening of our ability

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Vi to
Actually I consider to be sensitive the Google account linked to my mobile phone :| also lots of people might have no compatible devices. Vito 2016-11-12 15:30 GMT+01:00 Amir Ladsgroup : > There is no need to store phone number at all. > You need to install an app called

[Wikimedia-l] Editor safety and anonymity: ending IP address exposure?

2016-11-12 Thread Brion Vibber
The biggest privacy problem in Wikipedia has always been the permanent public exposure of casual editors' IP addresses. Secondarily, we store logged-in editors' IP addresses for a limited time, exposing all editors' IP addresses to access by staff and volunteer accounts which could be stolen or

Re: [Wikimedia-l] Editor safety and anonymity: ending IP address exposure?

2016-11-12 Thread Lodewijk
While it is tempting to start with cons, I think for most of the community members, the question will be: 'what alternatives are there to accomplish more or less the same' with regards to fighting vandalism and sockpuppetry. And answering that question would start with describing how we actually

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread MZMcBride
Fæ wrote: >Do any of the volunteers contributing to this list have ideas for >changes that may make a significant difference to security? When you log in, you're given a user session. This session, along with local Web browser HTTP cookies, allows you to stay logged in and authenticated as you

Re: [Wikimedia-l] Editor safety and anonymity: ending IP address exposure?

2016-11-12 Thread Todd Allen
In addition, we'd be making significantly more difficult the detection and mitigation of abusive anonymous editing. Currently, when someone edits as an IP, gets blocked, resets their router, and changes the last octet, we can easily tell they're socking around a block. And to mitigate that, we can

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Craig Franklin
I know it's been said many times, but two-factor authentication, mandatory for accounts with advanced privileges and optionally available for everyone else, would seem to be a logical step. It's not foolproof, but it would go a long way to making us less of a soft target. Cheers, Craig On 12

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Amir Ladsgroup
As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605 I emphasized having 2FA for CUs, oversights and others with private data access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's

Re: [Wikimedia-l] How should security of Wikimedia accounts be better?

2016-11-12 Thread Vi to
My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me. Vito 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup : > As far as I know 2FA is already implemented and mandatory for WMF staff >