Wikimedia Meta-Wiki

Help:Two-factor authentication/pt: Difference between revisions

Browse history interactively
← Older edit
Content deleted Content added
VisualWikitext
No edit summary
FuzzyBot (talk | contribs)
Bots
2,030,926 edits
Updating to match new version of source page
 
(64 intermediate revisions by 5 users not shown)
Line 3:
| title = Ajuda sobre a autenticação de dois fatores
| section =
| previous = ←[[Special:MyLanguage/Help:Contents|Páginas de ajuda]]
| next =
| shortcut = [[m:H:2FA|H:2FA]]
| notes = Esta página explica a autenticação de dois fatores nas wikis da Fundação WikimediaWikimédia. ParaTambém pode ler a [[mw:Special:MyLanguage/Extension:OATHAuth|documentação da extensão]] que adiciona esta funcionalidade, consulte [[mw:Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis]].
}}
 
A implementação da '''autenticação de dois fatores''' ('''2FA''') da WikimediaWikimédia é uma forma de aumentar a segurança da sua conta. Se ativar a [[:en:{{lwp|Two-factor authentication}}|autenticação de dois fatores]], todas as vezes em que iniciar a sessão na sua conta, ser-lhe-á solicitado um númerocódigo de autenticação de seis dígitos adicionalmentede àtodas as vezes, além da sua palavra-chavepasse. Este númerocódigo de seis dígitos pode seré fornecido por uma aplicação no seu [[:pt:{{lwp|smartphone}}|telemóvel]] ou outro dispositivo de autenticação. Para poder iniciar a sessão, deverádeve saberconhecer a sua palavra-chavepasse e ter o seu dispositivo de autenticação disponível para gerar o código.
 
<span id="Accounts_affected"></span>
== Contas afetadas ==
 
<div lang="en" dir="ltr" class="mw-content-ltr">
Two-factor authentication on Wikimedia is currently experimental and optional. Enrollment requires <code>(oathauth-enable)</code> access, currently in production testing with [[Special:MyLanguage/Administrators|administrators]] (and users with admin-like permissions like [[Special:MyLanguage/interface editors|interface editors]]), [[Special:MyLanguage/bureaucrats|bureaucrats]], [[Special:MyLanguage/Checkuser policy|checkusers]], [[Special:MyLanguage/Oversight policy|oversighters]], [[Special:MyLanguage/Stewards|stewards]], [[Special:MyLanguage/Global_permissions#Abuse_filter|edit filter managers]] and the [[Special:GlobalUsers/oathauth-tester|OATH-testers global group]].
Two-factor authentication on Wikimedia is currently experimental and optional (with some exceptions). Enrollment requires <code>(oathauth-enable)</code> access, currently in production testing with [[Special:MyLanguage/Administrators|administrators]] (and users with admin-like permissions like [[Special:MyLanguage/interface editors|interface editors]]), [[Special:MyLanguage/bureaucrats|bureaucrats]], [[Special:MyLanguage/Checkuser policy|checkusers]], [[Special:MyLanguage/Oversight policy|oversighters]], [[Special:MyLanguage/Stewards|stewards]], [[Special:MyLanguage/Global_permissions#Abuse_filter|edit filter managers]] and the [[Special:GlobalUsers/oathauth-tester|OATH-testers global group]].
 
</div>
[[Wikitech:|Wikitech]] LDAP accounts are also eligible.
 
<span id="Mandatory_use_user_groups"></span>
=== Grupos de utilizadores de utilização obrigatória ===
* [[:Category:User groups that require two-factor authentication|Grupos que requerem a autenticação de dois fatores]]
* <span lang="en" dir="ltr" class="mw-content-ltr">May 2025 announcement: [[Special:MyLanguage/Mandatory two-factor authentication for users with some extended rights|Mandatory two-factor authentication for users with some extended rights]]</span>
 
<span id="Enabling_two-factor_authentication"></span>
* [[Special:MyLanguage/Meta:Central notice administrators|central notice administrators]]
* [[Special:MyLanguage/Interface administrators|interface administrators]]
* [[Special:MyLanguage/Stewards|stewards]]
* [[Special:MyLanguage/Special global permissions|other users with special global permissions]]
* [[Meta:WMF Office IT|WMF Office IT staff]] and [[Meta:WMF Support and Safety|WMF Support and Safety staff]]
* [[Special:MyLanguage/Global_Sysops|global sysops]]
 
== Ativar a autenticação de dois fatores ===
 
* Ter acesso de <code>(oathauth-enable)</code> (Por predefinição, disponível para os administradores, burocratas, supressores, verificação de utilizadores e outros grupos de utilizadores privilegiados)
* Dispor de acesso <code>(oathauth-enable)</code>
*
* Have or install a [[:w:en:Time-based One-time Password Algorithm|Time-based One-time Password Algorithm]] (TOTP) client. For most users, this will be a phone or tablet application. Commonly recommended apps include:
Tenha ou instale um cliente [[:w:en:Time-based One-time Password Algorithm|Time-based One-time Password Algorithm]] (TOTP). Para a maioria dos usuários, este será um aplicativo de telefone ou tablet. Qualquer aplicativo compatível pode ser usado, alguns populares incluem:
** Open-source: [https://freeotp.github.io/ FreeOTP] (Android, iOS), [https://github.com/andOTP/andOTP#andotp----android-otp-authenticator andOTP] (Android), [https://mattrubin.me/authenticator/ Authenticator] (iOS)
** <span class="mw-translate-fuzzy">Código aberto: [https://github.com/beemdevelopment/Aegis Aegis] (Android, F-Droid), [https://freeotp.github.io/ FreeOTP] (Android, F-Droid, iOS), [https://github.com/twofas 2FAS] ([https://github.com/twofas/2fas-android Android], [https://github.com/twofas/2fas-ios iOS]), [https://bitwarden.com/products/authenticator/ Bitwarden Authenticator] ([https://github.com/bitwarden/authenticator-android Android], [https://github.com/bitwarden/authenticator-ios iOS]), [$andotp andOTP] (Android), [https://mattrubin.me/authenticator/ Authenticator] (iOS), [https://authenticator.cc/ Authenticator.cc] (Chrome, Firefox e Edge), [https://passman.cc/ Passman] (NextCloud), [https://keepassxc.org/ KeePassXC] (Linux, macOS, Windows</span>
** Closed-source: [https://authy.com/download/ Authy] (Android, iOS, MacOS, Windows, Chrome/Chromium-extension), [[:w:en:Google Authenticator|Google Authenticator]] ([https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB Android] [https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8 iOS])
** Código-fonte fechado: [[:w:en:Google Authenticator|Google Authenticator]] ([https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_GB Android] [https://itunes.apple.com/gb/app/google-authenticator/id388497605?mt=8 iOS]) e aplicativos autenticadores da maioria das outras grandes empresas de tecnologia
** [[:w:en:Special:PermaLink/884895095#Authenticated_implementations|Outros clientes comparados na Wikipédia em inglês]]
** <span lang="en" dir="ltr" class="mw-content-ltr">[[:w:en:Comparison of OTP applications|General comparison of many common OTP applications]] which could be used as TOTP client for 2FA (English Wikipedia)</span>
** You can also use a desktop client such as the [https://www.nongnu.org/oath-toolkit/ OATH Toolkit] (Linux, macOS via Homebrew), or [https://github.com/winauth/winauth WinAuth] (Windows). Keep in mind that if you log in from the computer used to generate TOTP codes, this approach does not protect your account if an attacker gains access to your computer.
** <span lang="en" dir="ltr" class="mw-content-ltr">You can also use a desktop client such as the [https://www.nongnu.org/oath-toolkit/ OATH Toolkit] (Linux, macOS via Homebrew), or [https://github.com/winauth/winauth WinAuth] (Windows). Keep in mind that if you log in from the computer used to generate TOTP codes, this approach does not protect your account if an attacker gains access to your computer.</span>
** Password managers such as 1Password, LastPass, and KeePass also tend to support/have plugins to support TOTP. This bears the same limitations as the above, but may be worth looking into if you already use one for other things.
** Gestores de senhas como [https://bitwarden.com/ Bitwarden], [https://keepass.info/ KeePass] e [https://proton.me/pass Proton Pass] também tendem a suportar / ter plugins para suportar TOTP. Isto tem as mesmas limitações que as acima, mas pode valer a pena examinar se já usas uma para outras coisas. [[{{lm|OATHAuth enable link|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">Overview of preferences section to enable two-factor authentication.</span>]]
* <span lang="en" dir="ltr" class="mw-content-ltr">Go to [[Special:OATH]] '''on the project you hold one of the above rights on''' (this link is also available from your [[Special:Preferences#mw-prefsection-personal|preferences]]). ''(For most users, this will not be here on the meta-wiki.)''</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">[[Special:OATH]] presents you with a [[{{lwp|QR code}}|QR code]] containing the '''Two-factor account name''' and '''Two-factor secret key.''' This is needed to pair your client with the server.</span>
 
* [[Special:OATH]]<span presentslang="en" youdir="ltr" withclass="mw-content-ltr">Scan athe [[:w:en:QR code|QR code]]with, or containingenter the '''Twotwo-factor account name''' and '''Two-factor secret key.''' Thisinto, isyour needed to pair yourTOTP client with the server.</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Enter the authentication code from your TOTP client into the OATH screen to complete the enrollment.</span>
 
* Scan the QR code with, or enter the two-factor account name and key into, your TOTP client.
 
{{Caution|1=<span class="mw-translate-fuzzy">AVISO: You will also be presented with a series of 10 one-time scratch codes. '''You should safely store a copy of these codes'''. If you lose or have a problem with your TOTP client, you will be locked out of your account unless you have access to these codes.</span>}}
* Enter the authentication code from your TOTP client into the OATH screen to complete the enrollment.
{{Caution|AVISO: You will also be presented with a series of 10 one-time scratch codes. '''You should safely store a copy of these codes'''. If you lose or have a problem with your TOTP client, you will be locked out of your account unless you have access to these codes.}}
{{clear}}
<span id="Logging_in"></span>
== Iniciar sessão ==
[[{{lm|TOTP login|png}}|thumb|Ecrã de iniciar a sessão]]
<div lang="en" dir="ltr" class="mw-content-ltr">
* Provide your username and password, and submit as before.
* Enter in a one-time six digit authentication code as provided by the TOTP client. Note: This code changes about every thirty seconds. If your code keeps getting rejected, check that the time on your device where your auth app is installed is correct.
</div>
 
<span id="Keep_me_logged_in"></span>
== Autenticação ==
[[{{lm|TOTP login|png}}|thumb|right|Ecrã de iniciar a sessão]]
* Provide your username and password, and submit as before.
* Enter in a one-time six digit authentication code as provided by the TOTP client. Note: This code changes about every thirty seconds.
 
=== Manter-me autenticado ===
 
<div lang="en" dir="ltr" class="mw-content-ltr">
If you choose this option when logging in, you normally will not need to enter an authentication code when using the same browser. Actions such as logging out or clearing the browser cache will require a code on your next login.
If you choose this option when logging in, you normally will not need to enter an authentication code when using the same browser. Actions such as logging out or clearing browser cookies will require a code on your next login.
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
Some security sensitive actions, such as changing your email address or password, may require you to re-authenticate with a code even if you chose the keep-me-logged-in option.
</div>
 
<span id="API_access"></span>
=== API de Acesso ===
 
<div lang="en" dir="ltr" class="mw-content-ltr">
Two-factor authentication is not utilized when using [[mw:Special:MyLanguage/Help:OAuth|OAuth]] or [[Special:BotPasswords|bot passwords]] to log in via the [[mw:Special:MyLanguage/API:Main page|API]].
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
You may use OAuth or bot passwords to restrict API sessions to specific actions, while still using two-factor authentication to protect your full access. Please note, OAuth and bot passwords can not be used to log on interactively to the website, only to the API.
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
For example, tools like [[w:en:Wikipedia:AutoWikiBrowser|AutoWikiBrowser]] (AWB) do not yet support two-factor authentication, but can use bot passwords.
For example, tools like [[{{lwp|Wikipedia:AutoWikiBrowser}}|AutoWikiBrowser]] (AWB) do not yet support two-factor authentication, but can use bot passwords. You may find [[{{lwp|Wikipedia:Using AWB with 2FA}}|further information on how to configure this]].
</div>
{{clear}}
<span id="Disabling_two-factor_authentication"></span>
== Desativar a autenticação de dois fatores ==
[[{{lm|LostOATH-2|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">Unenrolling</span>]]
 
{{Caution|1=<span lang="en" dir="ltr" class="mw-content-ltr">If you already have 2FA enabled, removing the permission that allows you to enroll in 2FA '''WILL NOT''' disable 2FA. You need to follow the process below to disable it.</span>}}
{{Caution|
If you already have 2FA enabled, removing the permission that allows you to enroll 2FA '''WILL NOT''' disable 2FA. You need to follow the process below to disable it.}}
* Go to [[Special:OATH]] or [[Special:Preferences#mw-prefsection-personal|preferences]]. If you are no longer in groups that are permitted to enroll, you can still disable via [[Special:OATH]].
 
* <span lang="en" dir="ltr" class="mw-content-ltr">Go to [[Special:OATH]] or [[Special:Preferences#mw-prefsection-personal|preferences]]. If you are no longer in groups that are permitted to enroll, you can still disable via [[Special:OATH]].</span>
* On the <u>disable two-factor authentication</u> page, use your authentication device to generate a code to complete the process.
* <span lang="en" dir="ltr" class="mw-content-ltr">On the <u>disable two-factor authentication</u> page, use your authentication device to generate a code to complete the process.</span>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
== Scratch codes ==
== Recovery codes ==
[[{{lm|Enroll-Step3|png}}|thumb|OATH example scratch codes]]
</div>
When enrolling in two-factor authentication, you will be provided with a list of ten one-time scratch codes. '''Please print those codes and store them in a safe place, as you may need to use them in case you lose access to your 2FA device.''' It is important to note that each of these codes is '''single use'''; it may only ever be used once and then expires. After using one, you can scratch it through with a pen or otherwise mark that the code has been used. To generate a new set of codes, you will need to disable and re-enable two-factor authentication.
[[{{lm|Enroll-Step3|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">OATH example recovery codes</span>]]
<div lang="en" dir="ltr" class="mw-content-ltr">
When enrolling in two-factor authentication, you will be provided with a list of ten one-time recovery codes. '''Please print those codes and store them in a safe place, as you may need to use them in case you lose access to your 2FA device.''' It is important to note that each of these codes is '''single use'''; it may only ever be used once and then expires. After using one, you can scratch it through with a pen or otherwise mark that the code has been used. To generate a new set of codes, you will need to disable and re-enable two-factor authentication.
</div>
 
<span id="Disabling_two-factor_authentication_without_an_authentication_device"></span>
=== Desativar a autenticação de dois fatores sem um dispositivo de autenticação ==
 
<div lang="en" dir="ltr" class="mw-content-ltr">
This may require '''two''' scratch codes: one to log in, and another to disable. Should you ever need to use any of your scratch codes, it is advisable to disable and re-enable to generate a fresh set of codes as soon as possible.
This may require '''two''' recovery codes: one to log in, and another to disable. Should you ever need to use any of your recovery codes, it is advisable to disable and re-enable to generate a fresh set of codes as soon as possible.
</div>
 
<span id="Recovering_from_a_lost_or_broken_authentication_device"></span>
== Recuperar a partir de um dispositivo de autenticação perdido ou danificado ==
 
<div lang="en" dir="ltr" class="mw-content-ltr">
If you have an existing 2FA device which has simply stopped generating the correct codes, check that its clock is reasonably accurate. Time-based OTP on our wikis has been known to fail with 2 minutes difference.
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
You will need access to the scratch codes that you were provided when enrolling in order to un-enroll from two-factor authentication. It will require you to use up to '''two''' scratch codes to accomplish this:
You will need access to the recovery codes that you were provided when enrolling in order to un-enroll from two-factor authentication. It will require you to use up to '''two''' recovery codes to accomplish this:
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
* You need to be logged in. If you are not already logged in, this will require use of a scratch code.
* You need to be logged in. If you are not already logged in, this will require use of a recovery code.
* Visit [[Special:OATH]] and use a different scratch code to disable two-factor authentication.
* Visit [[Special:OATH]] and use a different recovery code to disable two-factor authentication.
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
If you don't have enough scratch codes, you may contact [[Trust and Safety]] at ca{{@}}wikimedia.org to request removal of 2FA from your account (please send an email using your registered email address of your wiki account). You should also create a task on [[phab:|Phabricator]] if you still have access to it. Please note, 2FA removal by staff is not always granted.
If you don't have enough recovery codes, you may contact [[Special:MyLanguage/Trust and Safety|Trust and Safety]] at ca{{@}}wikimedia.org to request removal of 2FA from your account (please send an email using your registered email address of your wiki account). You should also create a task on [[phab:|Phabricator]] if you still have access to it. Please note, 2FA removal by staff is not always granted.
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
See [[wikitech:Password and 2FA reset#For users]] for instructions on requesting 2FA removal for your [[mw:Special:MyLanguage/Developer account|Developer account]].
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
== Web Authentication Method ==
</div>
 
<div lang="en" dir="ltr" class="mw-content-ltr">
Please note, most of the directions on this page are specific to the TOTP method. The [[{{lwp|WebAuthn}}|WebAuthn]] method is more experimental and currently has no recovery options (cf. [[phab:T244348|related developer task]]). WebAuthn has a known issue that you must make future logons on the same project that you initiate it from ([[phab:T244088|tracking task]]). WebAuthn is not currently available for use via mobile apps ([[phab:T230043|T230043]]).
</div>
 
<span id="See_also"></span>
== Consulte também ==
 
<div lang="en" dir="ltr" class="mw-content-ltr">
* [[:w:en:Multi-factor authentication|English Wikipedia article]] and [[d:Q7878662|Wikidata item]] about the concept of multi-factor authentication
* The [[:w:en:Multi-factor authentication|concept of multi-factor authentication]] in the English Wikipedia and a [[d:Q7878662|Wikidata item]] about it
* [https://phabricator.wikimedia.org/tag/mediawiki-extensions-oathauth Known bugs and requested improvements] of Wikimedia's two-factor authentication are tracked in Phabricator.
* [https://phabricator.wikimedia.org/tag/mediawiki-extensions-oathauth Known bugs and requested improvements] of Wikimedia's two-factor authentication are collaborated on and tracked in Phabricator
* [[mw:Extension:OATHAuth|OATHAuth]] is the MediaWiki extension used for this functionality
* [[mw:Special:MyLanguage/Extension:OATHAuth|OATHAuth]] is the MediaWiki extension used for this functionality
* [[mw:Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis|Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis]]
* [[mw:Special:MyLanguage/Help:Two-factor authentication|Help:Two-factor authentication]] in the MediaWiki.org
</div>
 
{{user groups}}
 
[[Category:MediaWiki extensionsSecurity{{#translation:}}|Email confirmation]]
[[Category:SecurityHandbook Wikimedia-specific]]
Retrieved from "https://meta.wikimedia.org/wiki/Help:Two-factor_authentication/pt"