The update was deployed last night just a bit after midnight UTC. Upon logging in, anyone with an affected auth factor should see a notification with instructions for how to proceed.
For the curious, you can see screenshots of the notification which I attached to the task for this change, T243247 [1]. [1]. https://phabricator.wikimedia.org/T243247 On Mon, Jan 20, 2020 at 8:17 PM Mukunda Modell <[email protected]> wrote: > The plan is as follows: > > Sometime in the near future, we will be invalidating the sessions of > anyone who has an auth factor which was potentially affected. If you were > one of the potentially affected users then the next time you log in to > Phabricator, you should see a notification directing you to reset your TOTP > auth factor. If you don't see any notice like that then you are not among > those who were potentially affected. > > I will post an update here once that is done, in the meantime you don't > need to take any action in particular. > > On Fri, Jan 17, 2020 at 11:22 AM RhinosF1 - <[email protected]> wrote: > >> What about those that do? >> >> RhinosF1 >> >> On Fri, 17 Jan 2020 at 15:51, David Sharpe <[email protected]> wrote: >> >> > There is a team working on the Phabricator 2FA action item right now. >> > More to come soon… >> > >> > No action is required for people without 2FA configured within >> Phabricator. >> > >> > >> > >> > > On Jan 17, 2020, at 10:25 AM, RhinosF1 - <[email protected]> wrote: >> > > >> > > Can you also confirm we need to take NO action? >> > > >> > > RhinosF1 >> > > >> > > On Fri, 17 Jan 2020 at 11:02, revi <[email protected]> wrote: >> > > >> > >> Hi, >> > >> >> > >> If it is possible to do so, can you notify to the people whose 2FA >> were >> > >> reset? I know at least few people who uses 2FA on Phab, and does not >> > read >> > >> emails from wikitech-l and/or wikimedia-l. >> > >> >> > >> Thanks! >> > >> >> > >> 나의 iPhone에서 보냄 >> > >> >> > >>> 2020. 1. 17. 06:26, David Sharpe <[email protected]> 작성: >> > >>> >> > >>> However, out of an abundance of caution, we are resetting all >> > Two-Factor >> > >> Authentication keys for Phabricator and invalidating the exposed >> login >> > >> access tokens. >> > >> >> > >> >> > >> _______________________________________________ >> > >> Wikitech-l mailing list >> > >> [email protected] >> > >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> > > _______________________________________________ >> > > Wikitech-l mailing list >> > > [email protected] >> > > https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> > >> > >> > _______________________________________________ >> > Wikitech-l mailing list >> > [email protected] >> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l >> _______________________________________________ >> Wikitech-l mailing list >> [email protected] >> https://lists.wikimedia.org/mailman/listinfo/wikitech-l > > _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
