Do those of us using Phabricator 2FA need to take any action? On Fri, Jan 17, 2020 at 7:38 AM Greg Grossmeier <[email protected]> wrote:
> Keeping this thread on-list to help others who might be unsure. > > Hello Pine, > > On Thu, Jan 16, 2020 at 4:23 PM Pine W <[email protected]> wrote: > > > The way that I log into Phab is by using > > https://phabricator.wikimedia.org/auth/start/?next=%2F, and then logging > > into MediaWiki and authorizing Phab to access my credentials. The > MediaWiki > > login including the 2FA is the same that I use for many other Wikimedia > > sites. > > > > Correct, you are logging into your MediaWiki account with your 2FA token, > then you are logging into Phabricator via OAuth. > > None of those logins nor 2FA tokens were affected by this. > > > > So, although this 2FA allows logins to Phabricator, it sounds like there > is > > a separate 2FA for some people for Phabricator access, perhaps for people > > with LDAP logins, and that is the 2FA that is affected. Is this correct? > > > > Correct. Phabricator has its own 2FA system for people to use. > > You can see if you use it via your Account Settings, then clicking on > "Multi-Factor Auth". That is the 2FA that is affected in this incident. > > Best, > > Greg > > -- > | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | > | Dir. Engineering Productivity A18D 1138 8E47 FAC8 1C7D | > _______________________________________________ > Wikitech-l mailing list > [email protected] > https://lists.wikimedia.org/mailman/listinfo/wikitech-l -- Michael Holloway Software Engineer, Product Infrastructure _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
