In my personal opinion, some folks who are tech savvy might be underestimating the complexity of such arrangements.

At some point there might need to be a cutoff for "don't want to".

Not everybody can/will download an authenticator software in lieu of two devices, e.g. when they are on devices they don't own.

As noted above, there are websites that can do TOTP if you can't install an authenticator app.

Although I suppose some people might be opposed to doing that too.

It's not even clear whether that's referring to 2FA itself being illegal or just certain kinds of smartphones, or whether it is actually known to be illegal anywhere.

The one comment on that enwiki discussion asserting this states "people who live in countries where it is not legal to own certain types of technology (or could result in significant state surveillance if owned)".

2FA is not necessarily legal everywhere in the world.

It'll still be effective against the password reuse problem that seems to have been a major factor in the recent incident, at least until someone breaks into keeweb

Of course, using one device or using a website does bring some reduction in security.

I further note that the software behind is open source, so you could run a mirror if you don't trust the site itself.

If necessary, there are even online password managers like that support TOTP.

A program to generate TOTP codes can likely be run on any device capable of running a web browser or the mobile apps.
Not everybody has two devices available or is willing/able to pay for them.

2FA doesn't require two devices.

T180896: Allow functionaries to reset second factor on low-risk accounts
T150601: Add option to generate new set of scratch codes
T131788: Users should be notified when only two scratch tokens are left
T166622: Allow all users on all wikis to use OATHAuth
T201784: Implement option "require two-factor authentication only for dangerous actions"
T197501: Make users without 2FA setup not have checkuser right regardless of their groups
T242031: Allow multiple different 2FA devices
T145915: OATHAuth OTP shouldn't be stored in cleartext in the DB
T197137: Editing sitewide JS/CSS pages should require elevated security

Mentioned Here
rEOAT498dcfeb80fc: Require OATHAuth for membership in specified user groups
T197160: All security-sensitive MediaWiki functionality should require elevated security
T265726: Assign oathauth-verify-user to bureaucrats on WMF wikis

Mentioned In
T282624: Limit IA granting/revoking to stewards only