Wikimedia Meta-Wiki

Help:Two-factor authentication/sd: Difference between revisions

Browse history interactively
← Older edit
Content deleted Content added
VisualWikitext
FuzzyBot (talk | contribs)
Bots
2,029,766 edits
Updating to match new version of source page
FuzzyBot (talk | contribs)
Bots
2,029,766 edits
Updating to match new version of source page
 
(21 intermediate revisions by the same user not shown)
Line 18:
<div lang="en" dir="ltr" class="mw-content-ltr">
Two-factor authentication on Wikimedia is currently experimental and optional (with some exceptions). Enrollment requires <code>(oathauth-enable)</code> access, currently in production testing with [[Special:MyLanguage/Administrators|administrators]] (and users with admin-like permissions like [[Special:MyLanguage/interface editors|interface editors]]), [[Special:MyLanguage/bureaucrats|bureaucrats]], [[Special:MyLanguage/Checkuser policy|checkusers]], [[Special:MyLanguage/Oversight policy|oversighters]], [[Special:MyLanguage/Stewards|stewards]], [[Special:MyLanguage/Global_permissions#Abuse_filter|edit filter managers]] and the [[Special:GlobalUsers/oathauth-tester|OATH-testers global group]].
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
All [[Wikitech:|Wikitech]] LDAP accounts (also known as developer account) are also eligible. These accounts are not part of [[Special:MyLanguage/Help:Unified login|Single Unified Login]].
</div>
 
<span id="Mandatory_use_user_groups"></span>
=== هدايتي واپرائيندڙ گروپ ===
* <span lang="en" dir="ltr" class="mw-content-ltr">[[:Category:Global userUser groups that require two-factor authentication|Groups requiring two-factor authentication]]</span>
 
* <span lang="en" dir="ltr" class="mw-content-ltr">May 2025 announcement: [[Special:MyLanguage/Mandatory two-factor authentication for users with some extended rights|Mandatory two-factor authentication for users with some extended rights]]</span>
<div lang="en" dir="ltr" class="mw-content-ltr">
* [[:Category:Global user groups that require two-factor authentication|Groups requiring two-factor authentication]]
</div>
{{user groups}}
 
<span id="Enabling_two-factor_authentication"></span>
Line 36 ⟶ 29:
 
* <span lang="en" dir="ltr" class="mw-content-ltr">Have <code>(oathauth-enable)</code> access (by default, available to administrators, bureaucrats, suppressors, check users and other privileged user groups)</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Have or install a [[:w:en:Time-based One-time Password Algorithm|Time-based One-time Password Algorithm]] (TOTP) client. For most users, this will be a phone or tablet application. CommonlyAny recommendedcompliant appsapplication may be used, some popular ones include:</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">Open-source: [https://github.com/beemdevelopment/Aegis Aegis] (Android, F-Droid), [https://freeotp.github.io/ FreeOTP] (Android, F-Droid, iOS), [https://github.com/andOTPtwofas 2FAS] ([https:/andOTP#andotp---/github.com/twofas/2fas-android Android], [https://github.com/twofas/2fas-otp-ios iOS]), [https://bitwarden.com/products/authenticator/ andOTPBitwarden Authenticator] ([https://github.com/bitwarden/authenticator-android Android], [https://github.com/bitwarden/authenticator-ios iOS]), [https://mattrubin.me/authenticator/ Authenticator] (iOS), [https://authenticator.cc/ Authenticator.cc] (Chrome, Firefox & Edge), [https://passman.cc/ Passman] (NextCloud), [https://keepassxc.org/ KeePassXC] (Linux, macOS, Windows)</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">Closed-source: [https://authy.com/download/ Authy] (Android, iOS, macOS, Windows), [[:w:en:Google Authenticator|Google Authenticator]] ([https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB Android] [https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8 iOS]) and authenticator apps from most other large tech firms</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">[[:w:en:Comparison_of_OTP_applicationsComparison of OTP applications|General comparison of many common OTP applications]] which could be used as TOTP client for 2FA (English Wikipedia)</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">You can also use a desktop client such as the [https://www.nongnu.org/oath-toolkit/ OATH Toolkit] (Linux, macOS via Homebrew), or [https://github.com/winauth/winauth WinAuth] (Windows). Keep in mind that if you log in from the computer used to generate TOTP codes, this approach does not protect your account if an attacker gains access to your computer.</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">Password managers such as 1Password,[https://bitwarden.com/ LastPassBitwarden], and[https://keepass.info/ KeePass] and [https://proton.me/pass Proton Pass] also tend to support/have plugins to support TOTP. This bears the same limitations as the above, but may be worth looking into if you already use one for other things.</span> [[{{lm|OATHAuth enable link|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">Overview of preferences section to enable two-factor authentication</span>]]
* <span lang="en" dir="ltr" class="mw-content-ltr">Go to [[Special:OATH]] '''on the project you hold one of the above rights on''' (this link is also available from your [[Special:Preferences#mw-prefsection-personal|preferences]]). ''(For most users, this will not be here on the meta-wiki.)''</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">[[Special:OATH]] presents you with a [[{{lwp|QR code}}|QR code]] containing the '''Two-factor account name''' and '''Two-factor secret key.''' This is needed to pair your client with the server.</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Scan the QR code with, or enter the two-factor account name and key into, your TOTP client.</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Enter the authentication code from your TOTP client into the OATH screen to complete the enrollment.</span>
 
{{Caution|1=<span lang="en" dir="ltr" class="mw-content-ltr">WARNING: You will also be presented with a series of 10 one-time scratch[[#Recovery codes|recovery codes]]. '''You should print and safely store a copy of this page'''. If you lose or have a problem with your TOTP client, you will be locked out of your account unless you have access to these codes.</span>}}
{{clear}}
 
<span id="Logging_in"></span>
== لاگِ اِن ٿيڻ ==
[[{{lm|TOTP login|png}}|thumb|لاگِ اِن اِسِڪِرين]]
<div lang="en" dir="ltr" class="mw-content-ltr">
* Provide your username and password, and submit as before.
* Enter in a one-time six digit authentication code as provided by the TOTP client. Note: This code changes about every thirty seconds. If your code keeps getting rejected, check that the time on your device where your auth app is installed is correct.
</div>
 
Line 84 ⟶ 76:
</div>
{{clear}}
 
<span id="Disabling_two-factor_authentication"></span>
== ٻہ-عنصر جي تصديق غير فعال ڪرڻ ==
Line 141 ⟶ 132:
 
<div lang="en" dir="ltr" class="mw-content-ltr">
Please note, most of the directions on this page are specific to the TOTP method. The [[{{lwp|WebAuthn}}|WebAuthn]] method is more experimental and currently has no recovery options (cf. [[phab:T244348|related developer task]]). WebAuthn has a known issue that you must make future logons on the same project that you initiate it from ([[phab:T244088|tracking task]]). WebAuthn is not currently available for use via mobile apps ([[phab:T230043|T230043]]).
</div>
</div> <span lang="en" dir="ltr" class="mw-content-ltr">WebAuthn has a known issue that you must make future logons on the same project that you initiate it from ([[phab:T244088|tracking task]]).</span>
 
<span id="See_also"></span>
Line 155 ⟶ 146:
</div>
 
{{user groups}}
[[Category:MediaWiki extensions{{#translation:}}|Email confirmation]]
 
[[Category:Security]]
[[Category:MediaWiki extensionsSecurity{{#translation:}}|Email confirmation]]
[[Category:Handbook Wikimedia-specific]]
Retrieved from "https://meta.wikimedia.org/wiki/Help:Two-factor_authentication/sd"