Yeah I wrote some code that got U2F support working through inside the
OATHAuth extension, though I don't think it ever got to Gerrit.
On Tue, 14 Aug 2018, 10:31 Simon Walker, wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> On 12/08/18 17:47, Petr Bena wrote:
> > Right now there
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 12/08/18 17:47, Petr Bena wrote:
> Right now there are only two options for two factor
> authentication:
>
> * Don't use two-factor authentication (insecure) * Use two factor
> authentication (annoying as hell)
Has any thought been given to
Am 14.08.2018 um 08:53 schrieb Adam Wight:
> What I was complaining about is that 2FA has to be used every time I log
> in. There doesn't seem to be an industry standard yet, for example gmail
> asks for 2FA only every 30 days if you've previously authenticated on the
> same machine, but GitHub
Apologies, "lack of session persistence" was a bad way to summarize what
I've been seeing. My session persistence is usually fine, and lasts a
while regardless of whether 2FA is enabled.
What I was complaining about is that 2FA has to be used every time I log
in. There doesn't seem to be an
On Mon, Aug 13, 2018 at 5:13 AM Amir E. Aharoni
wrote:
> Most of the time my session doesn't work across projects. If I log in to
> the English Wikipedia, I have to log in again to mediawiki.org, Hebrew
> Wikisource, and Wikidata [...]
This (old, erratic, hard to reproduce) bug can usually be
Hi,
I am not experiencing any issues with 2FA on my account. Maybe something
related to cookie/browser?
Best regards.
--
M. A.
___
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
2018-08-13 11:19 GMT+03:00 Daniel Kinzler :
> Am 13.08.2018 um 07:34 schrieb Gergo Tisza:
> > Two-factor authentication does not affect how the session works. If you
> > check "Remember me", the login will last for 180 days, whether you use
> > two-factor authentication or not.
>
> Yea, works
While there are two people in this thread complaining so i suspect its not
that obscure, but this is also the first i have ever heard of it as well.
Definitely something we need to track down.
--
Brian
On Monday, August 13, 2018, Daniel Kinzler
wrote:
> Am 13.08.2018 um 07:34 schrieb Gergo
Am 13.08.2018 um 07:34 schrieb Gergo Tisza:
> Two-factor authentication does not affect how the session works. If you
> check "Remember me", the login will last for 180 days, whether you use
> two-factor authentication or not.
Yea, works fine for me - and this is the first time I hear people
On Sun, Aug 12, 2018 at 6:47 PM Petr Bena wrote:
> With two factor authentication it doesn't seem to be possible to make
> session persistent
Two-factor authentication does not affect how the session works. If you
check "Remember me", the login will last for 180 days, whether you use
Hi Petr,
Thank you for thinking about improvements to 2FA, the lack of session
persistence makes me want to buy a paper encyclopedia.
Another issue to add to your list is that a lost 2FA device (plus lost
scratch codes) requires admin help or someone with DB access, because the
self-serve option
Oh and I totally forgot to include link to phab task:
https://phabricator.wikimedia.org/T201784
On Sun, Aug 12, 2018 at 6:47 PM, Petr Bena wrote:
> Hello,
>
> I would like to do some major changes to two factor auth. I am cross
> posting this on phabricator and the mailing list to give it some
Hello,
I would like to do some major changes to two factor auth. I am cross
posting this on phabricator and the mailing list to give it some more
attention and to start some proper discussion before anyone starts
working on this:
Right now there are only two options for two factor
13 matches
Mail list logo