Help:Two-factor authentication/gl: Difference between revisions
Content deleted Content added
Updating to match new version of source page |
Updating to match new version of source page |
||
| (27 intermediate revisions by the same user not shown) | |||
Line 19:
<div lang="en" dir="ltr" class="mw-content-ltr">
Two-factor authentication on Wikimedia is currently experimental and optional (with some exceptions). Enrollment requires <code>(oathauth-enable)</code> access, currently in production testing with [[Special:MyLanguage/Administrators|administrators]] (and users with admin-like permissions like [[Special:MyLanguage/interface editors|interface editors]]), [[Special:MyLanguage/bureaucrats|bureaucrats]], [[Special:MyLanguage/Checkuser policy|checkusers]], [[Special:MyLanguage/Oversight policy|oversighters]], [[Special:MyLanguage/Stewards|stewards]], [[Special:MyLanguage/Global_permissions#Abuse_filter|edit filter managers]] and the [[Special:GlobalUsers/oathauth-tester|OATH-testers global group]].
</div>▼
</div>
Line 28 ⟶ 24:
=== Mandatory use user groups ===
</div>
* <span lang="en" dir="ltr" class="mw-content-ltr">[[:Category:
* <span lang="en" dir="ltr" class="mw-content-ltr">May 2025 announcement: [[Special:MyLanguage/Mandatory two-factor authentication for users with some extended rights|Mandatory two-factor authentication for users with some extended rights]]</span>
▲* [[:Category:Global user groups that require two-factor authentication|Groups requiring two-factor authentication]]
<div lang="en" dir="ltr" class="mw-content-ltr">
Line 38 ⟶ 32:
* <span lang="en" dir="ltr" class="mw-content-ltr">Have <code>(oathauth-enable)</code> access (by default, available to administrators, bureaucrats, suppressors, check users and other privileged user groups)</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Have or install a [[:w:en:Time-based One-time Password Algorithm|Time-based One-time Password Algorithm]] (TOTP) client. For most users, this will be a phone or tablet application.
** <span lang="en" dir="ltr" class="mw-content-ltr">Open-source: [https://github.com/beemdevelopment/Aegis Aegis] (Android, F-Droid), [https://freeotp.github.io/ FreeOTP] (Android, F-Droid, iOS), [https://github.com/
** <span lang="en" dir="ltr" class="mw-content-ltr">Closed-source:
** <span lang="en" dir="ltr" class="mw-content-ltr">[[:w:en:
** <span lang="en" dir="ltr" class="mw-content-ltr">You can also use a desktop client such as the [https://www.nongnu.org/oath-toolkit/ OATH Toolkit] (Linux, macOS via Homebrew), or [https://github.com/winauth/winauth WinAuth] (Windows). Keep in mind that if you log in from the computer used to generate TOTP codes, this approach does not protect your account if an attacker gains access to your computer.</span>
** <span lang="en" dir="ltr" class="mw-content-ltr">Password managers such as
* <span lang="en" dir="ltr" class="mw-content-ltr">Go to [[Special:OATH]] '''on the project you hold one of the above rights on''' (this link is also available from your [[Special:Preferences#mw-prefsection-personal|preferences]]).
* <span lang="en" dir="ltr" class="mw-content-ltr">[[Special:OATH]] presents you with a [[{{lwp|QR code}}|QR code]] containing the '''Two-factor account name''' and '''Two-factor secret key.''' This is needed to pair your client with the server.</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Scan the QR code with, or enter the two-factor account name and key into, your TOTP client.</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">Enter the authentication code from your TOTP client into the OATH screen to complete the enrollment.</span>
{{Caution|1=<span lang="en" dir="ltr" class="mw-content-ltr">WARNING: You will also be presented with a series of 10 one-time
{{clear}}
<div lang="en" dir="ltr" class="mw-content-ltr">
== Logging in ==
Line 58 ⟶ 50:
[[{{lm|TOTP login|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">Login screen</span>]]
<div lang="en" dir="ltr" class="mw-content-ltr">
* Provide your username and password, and submit as before.
* Enter in a one-time six digit authentication code as provided by the TOTP client. Note: This code changes about every thirty seconds. If your code keeps getting rejected, check that the time on your device where your auth app is installed is correct.
</div>
Line 90 ⟶ 82:
</div>
{{clear}}
<div lang="en" dir="ltr" class="mw-content-ltr">
== Disabling two-factor authentication ==
Line 100 ⟶ 91:
* <span lang="en" dir="ltr" class="mw-content-ltr">Go to [[Special:OATH]] or [[Special:Preferences#mw-prefsection-personal|preferences]]. If you are no longer in groups that are permitted to enroll, you can still disable via [[Special:OATH]].</span>
* <span lang="en" dir="ltr" class="mw-content-ltr">On the <u>disable two-factor authentication</u> page, use your authentication device to generate a code to complete the process.</span>
<div lang="en" dir="ltr" class="mw-content-ltr">
==
</div>
[[{{lm|Enroll-Step3|png}}|thumb|<span lang="en" dir="ltr" class="mw-content-ltr">OATH example
<div class="mw-translate-fuzzy">
Cando matricules en dobre factor de autentificación, terás unha lista con cinco esfoladuras de códigos temporais. '''Fai o favor de imprimir esos códigos e gardalos en lugar seguro, cando no caso os necesites usar perdes o acceso ao dispositivo 2FA'''. Ven sendo importante anotar cada un deses códigos coma '''uso único'''; pode que nunca sexa utilizado e expire. Despois de usalo, tachalo cun boli ou outra marca como código expirado. Xera un novo xogo de códigos, necesitarás desactivar e rehabilitar dobre factor de autentificación.
Line 115 ⟶ 105:
<div lang="en" dir="ltr" class="mw-content-ltr">
This may require '''two'''
</div>
Line 127 ⟶ 117:
<div lang="en" dir="ltr" class="mw-content-ltr">
You will need access to the
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
* You need to be logged in. If you are not already logged in, this will require use of a
* Visit [[Special:OATH]] and use a different
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
If you don't have enough
</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
See [[wikitech:Password and 2FA reset#For users]] for instructions on requesting 2FA removal for your [[mw:Special:MyLanguage/Developer account|Developer account]].
</div>
Line 148 ⟶ 138:
<div lang="en" dir="ltr" class="mw-content-ltr">
Please note, most of the directions on this page are specific to the TOTP method.
▲</div>
<div lang="en" dir="ltr" class="mw-content-ltr">
== See also ==
Line 155 ⟶ 146:
<div lang="en" dir="ltr" class="mw-content-ltr">
* The [[:w:en:Multi-factor authentication|
* [https://phabricator.wikimedia.org/tag/mediawiki-extensions-oathauth Known bugs and requested improvements] of Wikimedia's two-factor authentication are collaborated on and tracked in Phabricator
* [[mw:Special:MyLanguage/Extension:OATHAuth|OATHAuth]] is the MediaWiki extension used for this functionality
* [[mw:Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis|Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis]]
Line 162 ⟶ 153:
</div>
{{user groups}}
[[Category:MediaWiki extensions{{#translation:}}|Email confirmation]]▼
[[Category:Handbook Wikimedia-specific]]
| |||