Community Wishlist Survey 2017/Miscellaneous/2 factor authentication for all
2 factor authentication for all
- Problem: Currently 2 factor authentication is by default only available to users with elevated user rights, like sysops. This is due to multiple unsolved usability problems that caution us
- Who would benefit: Registered users
- Proposed solution: Solve the usability options and improve account recovery process.
- More comments:
- Phabricator tickets: phab:T166622, phab:T100375, phabricator project
- Proposer: —TheDJ (talk • contribs) 12:04, 8 November 2017 (UTC)
- Translations: none yet
Discussion
[edit]- Personally I don't forsee this happening, allowing anyone to enable 2fa could cause operations having to reset forgotten 2fa credentials constantly, for example if someone were to lose their scratch codes (which I've done before on wikitech) its a task that while may not to be hard, would get annoying and cause a lot of potiental extra work for the already busy operations team Zppix (talk) 17:40, 8 November 2017 (UTC)
- Solving this, would indeed require that ops people are no longer required for a reset, simply because there is no UI to modify this part of the database. When you reset is rules that we will have to define. We could have a group with checkuser abilities for that for instance. Or require at least email verification + password verification, or submitting evidence to OTRS. There's options. —TheDJ (talk • contribs) 08:11, 9 November 2017 (UTC)
- Note: There is currently an ongoing RfC in this regard. Reception123 (talk) 17:53, 9 November 2017 (UTC)
- @TheDJ: didn't see any task about that so filed T180896. --Tgr (WMF) (talk) 06:21, 19 November 2017 (UTC)
- Solving this, would indeed require that ops people are no longer required for a reset, simply because there is no UI to modify this part of the database. When you reset is rules that we will have to define. We could have a group with checkuser abilities for that for instance. Or require at least email verification + password verification, or submitting evidence to OTRS. There's options. —TheDJ (talk • contribs) 08:11, 9 November 2017 (UTC)
- I do support this, though it should be optional and not mandatory. --Donald Trung (Talk 🤳🏻) (My global lock 🔒) (My global unlock 🔓) 10:08, 29 November 2017 (UTC)
- This can be solved for some of the users by using proofs like in Keybase. Probably several systems should be used to revoke a 2-factor authentication setup, but I'm not sure how this should be done. Only thing I do know; don't rely on SMS alone for a revoke! — Jeblad 23:50, 10 December 2017 (UTC)
Voting
[edit]
Support This would probably be a long time run, but the result will be worth the efforts spent. Vachovec1 (talk) 20:23, 27 November 2017 (UTC)- Support Tgr (talk) 06:35, 28 November 2017 (UTC)
- Support ·addshore· talk to me! 10:42, 28 November 2017 (UTC)
- Support --Liuxinyu970226 (talk) 13:11, 28 November 2017 (UTC)
- Support YFdyh000 (talk) 14:57, 28 November 2017 (UTC)
Strong support — Arkanosis ✉ 15:14, 28 November 2017 (UTC)- Support Husky (talk) 16:22, 28 November 2017 (UTC)
- Support Laboramus (talk) 20:35, 28 November 2017 (UTC)
- Support Thomas Obermair 4 (talk) 21:56, 28 November 2017 (UTC)
- Support — Luchesar • T/C 22:01, 28 November 2017 (UTC)
- Support 𝔊 (Gradzeichen Diſk✉Talk) 06:44, 29 November 2017 (UTC)
- Support Donald Trung (Talk 🤳🏻) (My global lock 🔒) (My global unlock 🔓) 10:07, 29 November 2017 (UTC)
- Support —TheDJ (talk • contribs) 14:36, 29 November 2017 (UTC)
- Support MichaelSchoenitzer (talk) 20:12, 29 November 2017 (UTC)
- Support At least for other trusted user groups e.g. patrollers, rollbackers, etc. Meisam (talk) 20:46, 29 November 2017 (UTC)
- Support – Meiræ 22:12, 29 November 2017 (UTC)
- Support ZellmerLP (talk) 22:27, 29 November 2017 (UTC)
- Support Mhollo (talk) 23:29, 29 November 2017 (UTC)
- Support — putnik 01:37, 30 November 2017 (UTC)
- Support Reception123 (talk) 19:27, 30 November 2017 (UTC)
- Support Daniel Case (talk) 03:19, 1 December 2017 (UTC)
- Support Eug (talk) 11:55, 1 December 2017 (UTC)
- Support Shjup (talk) 18:28, 1 December 2017 (UTC)
- Support Lofhi (talk) 19:46, 1 December 2017 (UTC)
- Support Amir (talk) 00:56, 2 December 2017 (UTC)
- Support Terra ❤ (talk) 07:09, 2 December 2017 (UTC)
- Support Gnom (talk) Let's make Wikipedia green! 10:16, 2 December 2017 (UTC)
- Support Петър Петров (talk) 16:08, 2 December 2017 (UTC)
- Support Tacsipacsi (talk) 12:20, 3 December 2017 (UTC)
- Support LikeLifer (talk) 18:38, 3 December 2017 (UTC)
- Support this could be opt in Gryllida 00:52, 4 December 2017 (UTC)
- Support Freayd (talk) 07:42, 4 December 2017 (UTC)
- Support More security is good NessieVL (talk) 18:52, 5 December 2017 (UTC)
- Support Armbrust (talk) 22:14, 5 December 2017 (UTC)
- Support This probably won't pass, but I'm supporting it. Also, please note I put my name on the RFC. Cocohead781 (talk) 03:11, 6 December 2017 (UTC)
- Support Support as an optional choice for non elevated user. -glove- (talk) 16:12, 6 December 2017 (UTC)
- Support Micru (talk) 20:23, 6 December 2017 (UTC)
- Support I support this proposal for any account with any nonautomatic rights attached (rollback, review, pending changes, etc). Dolotta (talk) 19:37, 7 December 2017 (UTC)
- Support Ahm masum (talk) 21:38, 7 December 2017 (UTC)
- Support All registered users should have the option to choose 2fa X:: black ::X (talk) 09:59, 10 December 2017 (UTC)
- Support Yohannvt (talk) 12:00, 11 December 2017 (UTC)
