Requiring two-factor authentication for users with certain advanced permissions
Compared to other internet platforms, an exceptionally high number of Wikimedia users are able to take security- or privacy-sensitive actions. While these are generally trusted and competent members of the community, anyone can be phished or have their passwords stolen. If an account with such rights is taken over, it could be misused to hurt other users.
This is why the Wikimedia Foundation is shifting to a more secure system by requiring two-factor authentication (2FA) to log into accounts with sensitive permissions.
We have built a range of new features to make this easier: most importantly, users can now set up as many two-factor methods as they want, including passkeys. Once a user registers a passkey, they can then log in without using a password at all. For some users, passkeys will make logging in a quicker experience than it was for them before enabling two-factor authentication!
What are sensitive permissions?
When determining what user groups to include, the Wikimedia Foundation Product Safety and Integrity team considered any that had the ability to:
- View private or confidential information (e.g., IP addresses, oversighted content)
- Edit JS/CSS for other users (or for everyone)
- Escalate permissions / promote users (add people to groups, including themselves)
- Hold an official role (groups whose membership implies one).
Technical enforcement of 2FA and automatic removal of permissions
Users who hold sensitive permissions but don't have 2FA enabled will be contacted directly before the enforcement date with instructions on how to enable 2FA. They should visit the special page and configure an authenticator app or a security key. After that, we encourage them to also add a passkey, which greatly simplifies login and reauthentication (see the guide).
Enforcement begins with a 2-week-long grace period. During this time, it is impossible to grant sensitive permissions to users who do not have 2FA enabled. In addition, the software does not allow users with sensitive permissions to disable 2FA. If a user wishes to temporarily disable 2FA during this time, they need to request removal of the sensitive permissions first, or self-remove, if they are able. They should coordinate with Stewards on the process of disabling and enabling 2FA again.
After this period, users who don't have 2FA enabled will automatically have their sensitive permissions removed. These users may re-apply for permissions through ordinary community processes.
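The three enforcement rules above (no granting of a sensitive group to an account without 2FA, no disabling of 2FA while holding such a group, and automatic removal after the grace period) are easiest to reason about as a small access-control model. The following is an added illustration, not Wikimedia's or MediaWiki's own code: the group names, enforcement dates and the `Account` type are constructed for the example, and it assumes that removing one of several registered second factors is allowed because 2FA stays enabled, so only removing the last method counts as disabling it.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, timedelta

# Length of the grace period described in the notice.
GRACE_PERIOD = timedelta(weeks=2)

# Constructed subset of sensitive groups with illustrative enforcement start
# dates (hypothetical values; the real schedule is the table on this page).
ENFORCEMENT_START: dict[str, date] = {
    "interface-admin": date(2026, 3, 1),
    "checkuser": date(2026, 3, 1),
    "bureaucrat": date(2026, 5, 1),
}


@dataclass
class Account:
    name: str
    groups: set[str] = field(default_factory=set)
    # Registered second factors, e.g. {"totp", "webauthn"}; empty means no 2FA.
    two_factor_methods: set[str] = field(default_factory=set)

    def has_2fa(self) -> bool:
        return bool(self.two_factor_methods)

    def sensitive_groups(self) -> set[str]:
        return self.groups & set(ENFORCEMENT_START)


def enforcement_active(group: str, today: date) -> bool:
    """True once the group's enforcement date (start of its grace period) has passed."""
    return group in ENFORCEMENT_START and today >= ENFORCEMENT_START[group]


def grace_period_over(group: str, today: date) -> bool:
    """True once the two-week grace period for the group has elapsed."""
    return enforcement_active(group, today) and today >= ENFORCEMENT_START[group] + GRACE_PERIOD


def grant_group(account: Account, group: str, today: date) -> bool:
    """Rule 1: a group under enforcement cannot be granted to an account without 2FA."""
    if enforcement_active(group, today) and not account.has_2fa():
        return False
    account.groups.add(group)
    return True


def remove_2fa_method(account: Account, method: str, today: date) -> bool:
    """Rule 2: an account holding an enforced sensitive group cannot disable 2FA.

    Assumption: removing one of several methods is allowed, since 2FA stays on;
    only removing the last method counts as disabling it.
    """
    if method not in account.two_factor_methods:
        return False
    would_disable = len(account.two_factor_methods) == 1
    if would_disable and any(enforcement_active(g, today) for g in account.sensitive_groups()):
        return False
    account.two_factor_methods.discard(method)
    return True


def sweep_after_grace(accounts: list[Account], today: date) -> dict[str, set[str]]:
    """Rule 3: after the grace period, strip enforced sensitive groups from accounts without 2FA.

    Returns the groups removed per account so the caller can log it and notify the user.
    """
    removed: dict[str, set[str]] = {}
    for acct in accounts:
        if acct.has_2fa():
            continue
        due = {g for g in acct.sensitive_groups() if grace_period_over(g, today)}
        if due:
            acct.groups -= due
            removed[acct.name] = due
    return removed


if __name__ == "__main__":
    alice = Account("alice", {"checkuser"})      # constructed: no 2FA, enforced group
    carol = Account("carol", {"bureaucrat"})     # constructed: no 2FA, enforcement not yet active
    print(grant_group(alice, "interface-admin", date(2026, 3, 5)))   # refused: no 2FA
    print(sweep_after_grace([alice, carol], date(2026, 3, 10)))      # nothing yet: grace period running
    print(sweep_after_grace([alice, carol], date(2026, 3, 20)))      # alice loses checkuser, carol untouched
```

Note that the sweep only touches groups whose own grace period has elapsed, which matches the staggered dates in the tables: an account that lacks 2FA but holds only a group scheduled for a later month keeps it until that month's grace period has run out.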
Permissions that require two-factor authentication
Local groups
| Local group | Explanation | Enforcement date |
|---|---|---|
| Central notice administrators | Edit JS/CSS for other users | March 2026 |
| Checkusers | Access to private or confidential information | March 2026 |
| Interface administrators | Edit JS/CSS for other users | March 2026 |
| Oversighters | Access to private or confidential information | March 2026 |
| Wikidata staff | Official role | March 2026 |
| Wikifunctions staff | Official role | March 2026 |
| WMF Office IT | Official role | March 2026 |
| WMF Trust and Safety | Official role | March 2026 |
| Editors on foundationwiki | Official role | April 2026 |
| OAuth administrators | Access to private or confidential information | April 2026 |
| Stewards[1] | Access to private or confidential information | April 2026 |
| Translation administrators on foundationwiki | Official role | April 2026 |
| Arbitration Committee members | Access to private or confidential information | May 2026 |
| Bureaucrats | Escalate permissions | May 2026/June 2026 |
Global groups
| Global group | Explanation | Enforcement date |
|---|---|---|
| Abuse filter helpers | Access to private or confidential information | June 2026 |
| Abuse filter maintainers | Access to private or confidential information | June 2026 |
| Founder | Official role | June 2026 |
| Global interface editors | Edit JS/CSS for other users | June 2026 |
| Global sysops | Edit JS/CSS for other users | June 2026 |
| Transwiki importers | Access to private or confidential information | June 2026 |
| Ombuds | Access to private or confidential information | June 2026 |
| Staff | Official role | June 2026 |
| System administrators | Access to private or confidential information | June 2026 |
| U4C members | Access to private or confidential information | June 2026 |
| wmf-email-block-override | Official role | June 2026 |
| WMF researchers | Official role | June 2026 |
Background
A few weeks ago, the Wikimedia Foundation and community functionaries investigated a data leak affecting ~36,000 user accounts. One of the first remediation steps taken was to require multi-factor authentication for interface administrators on the wiki projects.
One of the steps we took as part of that work was to begin technically enforcing mandatory two-factor authentication for wiki interface administrators. We also expanded the technical enforcement of 2FA to oversighters and checkusers, given the privileged access they have to non-public information about editors.
In March of 2026, the Wikimedia Foundation made two-factor authentication technically mandatory for users for whom it was already required by policy. However, there are many other sensitive permissions that do not have this security protection in place. To help keep our projects and users safe, we have decided to expand our technical enforcement of 2FA to all user groups that take these actions.
Contact us
This notice is posted to provide some advance warning before the change is made, and as an opportunity to collect comments from the community members. We welcome input on how we can best implement 2FA enforcement actions like this, now and in the future, and what technical improvements to 2FA and related features we should pursue, to make this a smoother experience for everyone.
Please post your comments on the talk page, or if you have private feedback you can email security-help@wikimedia.org. We're especially interested in:
- What issues have you had, or seen others have, with two-factor authentication on Wikimedia projects? Please call out any software bugs, safety concerns, lack of documentation, difficulty with device compatibility, or anything else.
- Are there technical security requirements other than 2FA that we should be considering as potential requirements for maintaining privileged access on the wikis?
- What other user groups or privileges should we be focused on as we look at strengthening our security policies?
- What do we most need to be careful about as we go about this work?
- Any other comments or questions you have.
Frequently asked questions
- Who is running this consultation?
- The Wikimedia Foundation Product Safety and Integrity team supported by Movement Communications.
- What happens if I lose my two-factor authentication (2FA) device?
- See the guide at Help:Two-factor authentication.
References
- ↑ Technically, there are both global and local steward groups, and the latter are only available to the members of the former. 2FA will be enforced on the local level first. Because of this, there will be no practical consequences of the global enforcement (set to happen later), as all stewards will have 2FA enforced by then.