Help talk:Two-factor authentication/Archives/2021

Latest comment: 3 years ago by Bautsch in topic FIDO

When enabling webauthn -- no scratch codes

Tracked in Phabricator:
Task T244348

Is this intentional or a bug? I only get scratch codes for TOTP 2FA. – JonathanCross (talk) 13:15, 10 February 2021 (UTC)

@JonathanCross: See phab:T244348 - I strongly discourage you from using this method on anything but a disposable testing account right until this is solved. — xaosflux Talk 16:18, 10 February 2021 (UTC)
I added a text warning on the enrollment page here. — xaosflux Talk 16:21, 10 February 2021 (UTC)

AWB with 2FA in other language editions

Does anyone here know if the suggested method for using AWB with 2FA works in other languages than english? I am currently applying for adminship on the Swedish Wikipedia for my bot-account EstrellaBot for usage in a clean-up project. I'd like to be able to ease our community worries by using 2FA for this Bot-account to make absolutely 100% sure that no one else can gain access. But if it turns out I then can't use AWB for the bot, it defeats the whole purpose of the bot being admin in the first place. So, does anyone know how or if this would work? EstrellaSuecia (talk) 17:04, 5 March 2021 (UTC)

@EstrellaSuecia: yes, Special:BotPasswords are part of SUL, so are not project-specific (nor are the grants you include in them). — xaosflux Talk 17:28, 5 March 2021 (UTC)

Changing smartphone

Hi, I got a new smartphone, so how to scan a new QR code? This seems basic information, and it is not in the help page. Thanks, Yann (talk) 20:11, 16 May 2021 (UTC)

@Yann: Hi, if the app you use to generate the codes is Microsoft Authenticator you have the possibility to backup the accounts you're using the app for and restore them in the new phone downloading the app and signing in with the same Microsoft account (of course first you'll have to enable the backup from the app's settings in the old phone). That way your new phone would start generating valid codes to pass 2FA access. Other apps I don't know may offer a similar feature.
In any other case (including, of course, if you're old phone is broken or you've already got rid of it), you'll have to disable 2FA from Special:Manage_Two-factor_authentication, using a scratch code, and then you'll be able to enable it again using the new phone.
Otherwise, if you printed the QR code when you enabled 2FA, you may be able to use it to set up 2FA in your new phone.
I hope that helped! In case you still need help you can contact me in my talk page and I'll do my best to help you! Good night! --PercyMM 22:51, 30 May 2021 (UTC)
@PercyMM: pleas note, you can not use a scratch code to initialize a 2FA TOTP client. Initializing a client requires the initial secret (which should not be stored as it is critically sensitive). You can use the scratch code to log in here, another scratch code to unenroll - then 2FA can be set up anew with the new client. — xaosflux Talk 23:58, 30 May 2021 (UTC)
@Xaosflux: Hi! I read my message above again and I actually don't think I made the mistake you reported. What I wrote is that they may use the QR code (not a scratch code) to inizialize a 2FA TOTP client in a new client, if they printed it when they set up 2FA. Then I said that otherwise they would need a scratch code to disable 2FA (and not to enable a new TOTP client), so that they could enable it (by "it" I mean 2FA) again using the new phone. Sorry but I don't see where my previous message is unclear or wrong. Could you please read it again and let me know? Of course just in order to understand whether what I wrote is correct or not, for future occasions. Have a nice day! --PercyMM 13:26, 31 May 2021 (UTC)
@PercyMM: think I misread you a bit, all good - best regards, — xaosflux Talk 15:58, 31 May 2021 (UTC)

FIDO

Is it intended to implement U2F and/or UAF of the FIDO Alliance for Wikimedia ? It works very well and reliable for other websites in m experience. --Bautsch (talk) 08:24, 9 September 2021 (UTC)

Return to "Two-factor authentication/Archives/2021" page.