Talk:Interface administrators

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Filing cabinet icon.svg
SpBot archives all sections tagged with {{Section resolved|1=~~~~}} after 3 days and sections whose most recent comment is older than 30 days. For the archive overview, see /Archives. The latest archive is located at /Archives/2018.

2FA requirement[edit]

What happens if an interface administrator doesn't have 2FA and their account is hacked? Can they get into trouble because it's required for legal reasons? The mass message that was sent to projects about the new password requirements didn't mention 2FA for interface admins so I don't think everyone even knows about it. -kyykaarme (talk) 22:34, 4 January 2019 (UTC)

@Kyykaarme: you'd have to ask legal@wikimedia.org or your attorney for legal advice. — xaosflux Talk 00:25, 5 January 2019 (UTC)
From a community point of view, you could have permissions removed, your account locked, and you could be barred from having access in the future. — xaosflux Talk 00:25, 5 January 2019 (UTC)
Thank you for the reply. I hope the WMF is still planning to inform the projects about it, because the requirement was added months after the group was created so it's possible that some users or even projects are unaware of it. -kyykaarme (talk) 18:19, 8 January 2019 (UTC)
@Kyykaarme: they began emailing the individual users, I think they are hoping for a technical enforcement to get completed soon. — xaosflux Talk 19:21, 8 January 2019 (UTC)
Good to know, thanks! -kyykaarme (talk) 21:12, 8 January 2019 (UTC)

Ad hoc assignment and 2FA[edit]

On some smaller projects (/me waves hands vaguely), the practice is that temporary extended permissions are assigned ad hoc by request to a local bureaucrat. +sysop has a full process and is assigned permanently, but anything else is done ad hoc. Prior to interface admin, this included giving normal users +sysop temporarily if they were going to work on Common.js or similar.

When interface admin was introduced there was a discussion on how to handle it, and the main sentiment was that we could treat interface admin the same way and no special policy for it was needed.

The net result is that we currently have no local interface admins (despite actually having volunteers for it).

Now, so far as I can divine from this page, there is no exemption to the 2FA requirement for temporary ad hoc assignments of interface admin, so at a minimum the local bureaucrats would have to check that whoever asked does in fact have 2FA enabled? Is there any way for them to actually do that? Is it now possible for users to get 2FA enabled without already holding advanced permissions (i.e. a hypotethical normal user asking a local bureaucrat for temporary interface admin)?

Also, my reading of this page suggests to me an assumption that there will be an actual written policy on the project regulating how to assign interface admin, including, for example, a requirement to check for 2FA. But that may be just me reading too much into it? Would I need to persuade a policy-averse local community to develop such a policy in order to solve this without putting our local bureaucrats in a bind? Or running into problems with the Stewards if we ever lose our local bureaucrats?

In any case, our lack of local interface admins is becoming increasingly problematic, so I'm trying to figure out what formalities actually apply (or don't, as the case may be) so we can correct that. --Xover (talk) 22:36, 6 February 2020 (UTC)

There is currently no way to check if 2FA is enabled (but see phab:T209749). If you don't have permissions that already include the ability to enable 2FA (eg sysop) you can request 2fa tester at SRGP --DannyS712 (talk) 22:57, 6 February 2020 (UTC)
@Xover: I wouldn't worry about it too much. Tell those who apply that the global policy requires them to use 2FA and leave it at that. If the site operators seriously want to mandate 2FA, they should enforce it on the software level (and no doubt they will at some point). If you are particularly worried about some specific person ignoring the policy, you can always ask the developers (through Trust and Safety, for example) to verify it, but generally this is one of thos steak knives things - it's fine to just assume people are honest and honor the policy. --Tgr (talk) 21:07, 7 February 2020 (UTC)
@Tgr: Well, I'm mostly worried about putting the local bureaucrats in a bind: if there are global (outside of local project policy scope) formal requirements, the bureaucrats are the ones that will in principle be answerable for it since they're the ones assigning the bit. Not to mention that I'd rather not suddenly discover that we've been doing it all wrong when we suddenly, for whatever reason, need to ask the Stewards for help with something down the road.
But in any case, my read of what you say is then that the 2FA requirement from legal is in practice an obligation on those requesting the bit; and that other than that a project can assign it using any process they choose, no matter how lax or strict, and nobody will come wagging their fingers at us for it?
I personally happen to like written policy (lots and lots of written policy! the drier and more bureaucratic the better!), but this community is actively averse to having too much of that, so I imagine that will be welcome news. :) --Xover (talk) 22:14, 7 February 2020 (UTC)
Even on large projects (like enwiki) we have no way to actually validate this, we inform a requester that it is required, check if they have the capability to do it, then trust that they are not lying to us when they say they have done it. This is why I asked for phab:T209749 over a year ago... — xaosflux Talk 00:42, 8 February 2020 (UTC)
Well, from a technical point of view, for something that rises to an actual direct requirement from WMF Legal, it does appear rather half-baked. And I am not at all convinced this particular measure is what would have the best cost—benefit value for the given threat model (because I'm sure the threat model was properly defined before deciding on the best measures… 😀). But, biting my tongue on that aspect, so long as it's clear what are actual global requirements and what is simply up to each project to decide, I'm happy. --Xover (talk) 09:12, 8 February 2020 (UTC)
Oh, an addendum to that… It occurs to me that what's making me uncertain here is that this page is mostly shaped like a help page with some suggestions on what would be good ideas ("Have two int. admins so they can check eachother", etc.) but then there's suddenly a policy-style requirement introduced from the WMF. Thinking about it I think I see why it is that way, but I also think that once you introduce one formal requirement it makes a whole lot more sense to formulate the whole thing as policy. Not because you necessarily need to have any more requirements, but because that approach makes it clear that the rest are not requirements. Or, you know, that's just my policy-wonk tendencies getting over-excited. :) --Xover (talk) 09:24, 8 February 2020 (UTC)
The page was originally a help page, I suppose when the WMF came up with the policy of requiring 2FA for some accounts they needed a place to put it and this was the easiest. It's temporary anyway, the software will enforce it at some point, but no one had the time to do that so far. --Tgr (talk) 22:46, 9 February 2020 (UTC)