Enyemaka:Nkwado mpinye usoro abụọ
Mmejuputa Wikimedia nke usoro abụọ (2FA) bụ ụzọ isi mee ka nchekwa nke akaụntụ gị sie ike. Ọ bụrụ na ịgbanye usoro mpinye abụọ, a ga-ajụ gị maka koodu nyocha mkpụrụọnụọgụ isii otu oge oge ọ bụla na mgbakwunye na paswọọdụ gị. Enyere koodu a site na ngwa dị na smartphone ma ọ bụ ngwaọrụ njirimara ọzọ. Iji banye, ị ga-amarịrị passwọọdụ gị ma nweta ngwaọrụ nyocha gị iji mepụta koodu ahụ.
Akaụntụ emetụtara
Two-factor authentication on Wikimedia is currently experimental and optional (with some exceptions). Enrollment requires (oathauth-enable)
access, currently in production testing with administrators (and users with admin-like permissions like interface editors), bureaucrats, checkusers, oversighters, stewards, edit filter managers and the OATH-testers global group.
Otu ndị ọrụ amanyererịrị iwu
Mgbanye nke usoro mpinye abụọ
- Nnweta ohere mgbanye $oathauth (na ndabara, dị maka ndị nchịkwa, ndị ọrụ ọchịchị, ndị na-egbochi ya, ndị ọrụ nlele na otu ndị ọrụ nwere oke)
- Nweta ma ọ bụ wụnye Otu Oge Paswọdu Algorithm dabere na oge onye ahịa (TOTP). Maka ọtụtụ ndị ọrụ, nke a ga-abụ ngwa ekwentị ma ọ bụ tabụletị. Ngwa ndị akwadoro gụnyere:
- Usoro n'efu: FreeOTP (Android, iOS), andOTP (Android), Authenticator (iOS), Authenticator.cc (Chrome, Firefox & Edge), Passman (NextCloud), KeePassXC (Linux, macOS, Windows)
- Usoro enweghi ikike: Authy (Android, iOS), Google Authenticator (Android iOS)
- Ntụle n'ozuzu nke ọtụtụ ngwa ntinye OTP nke enwere ike iji dị ka onye ahịa TOTP maka 2FA (Wikipedia Bekee)
- Ị nwekwara ike iji onye ahịa desktọpụ dị ka OATH Toolkit (Linux, macOS site na Homebrew), ma ọ bụ WinAuth (Windows). Buru n'uche na ọ bụrụ na ịbanye na kọmpụta eji emepụta koodu TOTP, usoro a anaghị echebe akaụntụ gị ma ọ bụrụ na onye mwakpo nwetara ohere na kọmputa gị.
- Ndị njikwa okwuntughe dị ka 1Password, Bitwarden, na KeePass na-akwadokwa / nwee plugins iji kwado TOTP. Nke a nwere oke dị ka nke a dị n'elu, mana ọ nwere ike ịba uru ileba anya ma ọ bụrụ na ị na-eji otu maka ihe ndị ọzọ.
- Gaa na Special:OATH na oru ngo ị jide otu n'ime ikike ndị dị n'elu (njikọ a dịkwa na mmasị gị). (Maka ọtụtụ ndị ọrụ, nke a agaghị adị na meta-wiki.)
- Special:OATH na-ewetara gị QR code nwere aha akaụntụ mpinye abụọna igodo nzuzo nwere mpinye abụọ. Nke a dị mkpa iji jikọta onye ahịa gị na ya. ihe nkesa
- nyochaa koodu QR., ma ọ bụ tinye aha akaụntụ mpinye abụọ na igodo n'ime, onye ahịa.
- Tinye koodu nyocha nke onye ahịa TOTP gị n'ime ihuenyo OATH iji mezue ndebanye aha.
Ịbanye
- Nye aha njirimara na paswọọdụ gị ma nyefee ya dịka ọ dị na mbụ.
- Tinye koodu nyocha ọnụọgụ isii otu oge dịka onye ahịa TOTP nyere. Mara: Koodu a na-agbanwe ihe dịka sekọndụ iri atọ ọ bụla.
Debem banye
Ọ bụrụ na ịhọrọ nhọrọ a mgbe ị na-abanye, ịgaghị achọ itinye koodu nyocha mgbe ị na-eji otu ihe nchọgharị ahụ. Omume dị ka ọpụpụ ma ọ bụ ikpochapụ kuki ihe nchọgharị ga-achọ koodu na nbanye gị ọzọ.
Ụfọdụ omume chebaara nchekwa, dị ka ịgbanwee adreesị ozi-e ma ọ bụ paswọọdụ gị, nwere ike ịchọ ka ị jiri koodu nyochaa ọzọ ọbụlagodi na ị họrọ nhọrọ idobem mbanye.
Nweta API =
A naghị eji nyocha mpinye abụọ eme ihe mgbe ị na-eji OAuth ma ọ bụ okwu bot ịbanye site na API.
Ị nwere ike iji OAuth ma ọ bụ passwọọdụ bot machibido nnọkọ API ka ọ bụrụ omume ụfọdụ, ebe ị ka na-eji usoro mpinye abụọ iji chebe ohere gị zuru oke. Biko mara, enweghị ike iji OAuth na passwọọdụ bot banye na webụsaịtị, naanị na API.
For example, tools like AutoWikiBrowser (AWB) do not yet support two-factor authentication, but can use bot passwords. You may find further information on how to configure this.
Disabling two-factor authentication
If you already have 2FA enabled, removing the permission that allows you to enroll in 2FA WILL NOT disable 2FA. You need to follow the process below to disable it. |
- Go to Special:OATH or preferences. If you are no longer in groups that are permitted to enroll, you can still disable via Special:OATH.
- On the disable two-factor authentication page, use your authentication device to generate a code to complete the process.
Recovery codes
When enrolling in two-factor authentication, you will be provided with a list of ten one-time recovery codes. Please print those codes and store them in a safe place, as you may need to use them in case you lose access to your 2FA device. It is important to note that each of these codes is single use; it may only ever be used once and then expires. After using one, you can scratch it through with a pen or otherwise mark that the code has been used. To generate a new set of codes, you will need to disable and re-enable two-factor authentication.
Disabling two-factor authentication without an authentication device
This may require two recovery codes: one to log in, and another to disable. Should you ever need to use any of your recovery codes, it is advisable to disable and re-enable to generate a fresh set of codes as soon as possible.
Recovering from a lost or broken authentication device
If you have an existing 2FA device which has simply stopped generating the correct codes, check that its clock is reasonably accurate. Time-based OTP on our wikis has been known to fail with 2 minutes difference.
You will need access to the recovery codes that you were provided when enrolling in order to un-enroll from two-factor authentication. It will require you to use up to two recovery codes to accomplish this:
- You need to be logged in. If you are not already logged in, this will require use of a recovery code.
- Visit Special:OATH and use a different recovery code to disable two-factor authentication.
If you don't have enough recovery codes, you may contact Trust and Safety at cawikimedia.org to request removal of 2FA from your account (please send an email using your registered email address of your wiki account). You should also create a task on Phabricator if you still have access to it. Please note, 2FA removal by staff is not always granted.
See wikitech:Password and 2FA reset#For users for instructions on requesting 2FA removal for your Developer account.
Web Authentication Method
Please note, most of the directions on this page are specific to the TOTP method. The WebAuthn method is more experimental and currently has no recovery options (cf. related developer task).
WebAuthn has a known issue that you must make future logons on the same project that you initiate it from (tracking task).
See also
- The concept of multi-factor authentication in the English Wikipedia and a Wikidata item about it
- Known bugs and requested improvements of Wikimedia's two-factor authentication are collaborated on and tracked in Phabricator
- OATHAuth is the MediaWiki extension used for this functionality
- Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis
- Help:Two-factor authentication in the MediaWiki.org