Helpo:Dufaktora aŭtentigo

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
This page is a translated version of the page Help:Two-factor authentication and the translation is 41% complete.

Other languages:
Bahasa Indonesia • ‎Deutsch • ‎English • ‎Esperanto • ‎Nederlands • ‎Tiếng Việt • ‎Türkçe • ‎asturianu • ‎dansk • ‎español • ‎français • ‎galego • ‎italiano • ‎norsk bokmål • ‎polski • ‎português • ‎português do Brasil • ‎română • ‎беларуская (тарашкевіца)‎ • ‎русский • ‎سنڌي • ‎فارسی • ‎नेपाली • ‎हिन्दी • ‎বাংলা • ‎മലയാളം • ‎ไทย • ‎ქართული • ‎中文 • ‎日本語
Helpaj paĝoj Helpo pri dufaktora aŭtenitiga
Ĉiu tiu paĝo klarigas dufaktoran aŭtentigon sur vikioj direktataj de Vikimedia Fondaĵo. Por dokumentaro de la etendaĵo kiu aldonas ĉi tiun funkcion vidu mw:Extension:OATHAuth.

La efektivigo de Wikimedia de dufaktora aŭtentigo (2FA) estas vojo plifortigi sekurecon de via konto. Se vi ebligas dufaktora aŭtentigo, vi estos petita pri dono de unufoja, sescifera aŭtentiga kodo en via saĝtelefono aŭ alia aŭtentiganta aparato por ensaluto, vi devas koni vian pasvorton kaj havi via aŭtentiganta aparato, por ke krei la kodon.

Kontoj, kiuj tio temas

Two-factor authentication on Wikimedia is currently experimental and optional. Enrollment requires (oathauth-enable) access, currently in production testing with administrators (and users with admin-like permissions like interface editors), bureaucrats, checkusers, oversighters, stewards, edit filter managers and the OATH-testers global group.

Wikitech LDAP accounts are also eligible.

Mandatory use user groups

Ŝaltado de dufaktora aŭtentigo

  • Have (oathauth-enable) access
  • Have or install a Time-based One-time Password Algorithm (TOTP) client. For most users, this will be a phone or tablet application. Commonly recommended apps include:
    • Open-source: FreeOTP (Android, iOS), andOTP (Android), Authenticator (iOS)
    • Closed-source: Authy (Android, iOS, MacOS, Windows, Chrome/Chromium-extension), Google Authenticator (Android iOS)
    • other clients compared at English Wikipedia
    • You can also use a desktop client such as the OATH Toolkit (Linux, macOS via Homebrew), or WinAuth (Windows). Keep in mind that if you log in from the computer used to generate TOTP codes, this approach does not protect your account if an attacker gains access to your computer.
    • Password managers such as 1Password, LastPass, and KeePass also tend to support/have plugins to support TOTP. This bears the same limitations as the above, but may be worth looking into if you already use one for other things.
Superrigardo de agordoj sekcas ŝalti dufaktora aŭtentigo.
  • Go to Special:OATH on the project you hold one of the above rights on (this link is also available from your preferences). (For most users, this will not be here on the meta-wiki.)
  • Special:OATH presents you with a QR code containing the Two-factor account name and Two-factor secret key. This is needed to pair your client with the server.
  • Scan the QR code with, or enter the two-factor account name and key into, your TOTP client.
  • Enter the authentication code from your TOTP client into the OATH screen to complete the enrollment.
Warning WARNING: You will also be presented with a series of 10 one-time scratch codes. You should safely store a copy of these codes. If you lose or have a problem with your TOTP client, you will be locked out of your account unless you have access to these codes.

Ensaluto

Saluta ekrano
  • Donu vian salutnomon kaj pasvorton kiel antaŭe.
  • Konduku unufojan sesciferan kodon ankoraŭ provizita de la TOTPa kliento. Noto: Ĉi tiuj kodaj ŝanĝoj pri ĉiu tridek sekundoj.

Restigu min ensalutanta

Se vi elektas ĉi tiun elekton dum ensaluto, vi normale ne devos doni aŭtentigan kodon kiam uzas saman retumilon. Agoj tia kiel adiaŭo aŭ elpurigo la retumilan konservejon postulos kodon en via sekvanta ensaluto.

Kelka de sekureco sentemaj agoj, kiel ŝanĝo de vian retpoŝtan adreson aŭ pasvorton, povas postuli vin al reaŭtentigo kun kodo eĉ se vi elektis opcion lasu min salutata.

API-a aliro

Two-factor authentication is not utilized when using OAuth or bot passwords to log in via the API.

You may use OAuth or bot passwords to restrict API sessions to specific actions, while still using two-factor authentication to protect your full access. Please note, OAuth and bot passwords can not be used to log on interactively to the website, only to the API.

For example, tools like AutoWikiBrowser (AWB) do not yet support two-factor authentication, but can use bot passwords.

Malŝaltado de dufaktora aŭtentigo

Unenrolling
Warning

If you already have 2FA enabled, removing the permission that allows you to enroll 2FA WILL NOT disable 2FA. You need to follow the process below to disable it.

  • On the disable two-factor authentication page, use your authentication device to generate a code to complete the process.

Grataĵaj kodoj

ĴURA ekzemplo grataĵaj kodoj

When enrolling in two-factor authentication, you will be provided with a list of ten one-time scratch codes. Please print those codes and store them in a safe place, as you may need to use them in case you lose access to your 2FA device. It is important to note that each of these codes is single use; it may only ever be used once and then expires. After using one, you can scratch it through with a pen or otherwise mark that the code has been used. To generate a new set of codes, you will need to disable and re-enable two-factor authentication.

Malŝaltado de dufaktora aŭtentigo sen aŭtentigo de aparato

This may require two scratch codes: one to log in, and another to disable. Should you ever need to use any of your scratch codes, it is advisable to disable and re-enable to generate a fresh set of codes as soon as possible.

Retrovo el perdata aŭ difektata aŭtentiga aparato

If you have an existing 2FA device which has simply stopped generating the correct codes, check that its clock is reasonably accurate. Time-based OTP on our wikis has been known to fail with 2 minutes difference.

You will need access to the scratch codes that you were provided when enrolling in order to un-enroll from two-factor authentication. It will require you to use up to two scratch codes to accomplish this:

  • You need to be logged in. If you are not already logged in, this will require use of a scratch code.
  • Visit Special:OATH and use a different scratch code to disable two-factor authentication.

If you don't have enough scratch codes, you may contact Trust and Safety at ca@wikimedia.org to request removal of 2FA from your account (please send an email using your registered email address of your wiki account). You should also create a task on Phabricator if you still have access to it. Please note, 2FA removal by staff is not always granted.

Vidu ankaŭ