TLDR: Implement an option that, if enabled, would require two-factor authentication only for some MW actions, like change of password, user preferences, or sysop actions.
Explanation, justification:
Right now there are only two options:
- Don't use two-factor authentication (insecure)
- Use two-factor authentication (annoying as hell)
Option I would like to see implemented:
- Require two-factor authentication only when performing a restricted action (privileged / sysop action, access to user preferences etc.) - do not require two-factor auth for simple wiki editing, talk page editing etc.
With two-factor authentication it doesn't seem to be possible to make the session persistent, and it really is extremely annoying to look for your mobile phone, open the app and fill in the code every time you want to do some simple wiki action. I am very lazy and even found myself deciding not to make a minor change (be it a typo fix etc. in an article on English Wikipedia etc.) rather than going through the hassle of using the Google Authenticator.
I think it would be really cool to have an option (or maybe even more of them?) that would help to specify when two-factor auth is really desired, so that for example users could decide that for simple actions like wiki editing a normal login would be sufficient, but for changes like:
- Change of password
- Change of (some) preferences
- Admin actions (block, delete etc.)
two-factor authentication would be enforced.
An idea of how this could look in the user interface (in the preferences dialog):
Instead of
Two-factor authentication: enable / disable
There could be radio buttons:
- Disable
- Enable, require 2FA token only when performing changes to your preferences or actions that require elevated privileges
- Enable, require 2FA token for every login
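
A sketch of the decision logic behind the three proposed settings, as an added example that is not part of the original request and is not MediaWiki code. The action names, the `Session` type and the five-minute freshness window for a verified token are assumptions made for illustration.

```python
import time
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class TwoFactorMode(Enum):
    DISABLED = "disable"
    ELEVATED_ONLY = "elevated-only"   # token only for restricted actions
    EVERY_LOGIN = "every-login"       # token at each login


# Constructed action names mirroring the request's list (password change,
# preference change, admin actions such as block and delete).
RESTRICTED_ACTIONS = {"change-password", "change-preferences", "block", "delete"}

# Assumption: a verified token stays valid for restricted actions this long,
# so a run of admin actions does not prompt on every click.
STEP_UP_TTL_SECONDS = 300


@dataclass
class Session:
    mode: TwoFactorMode
    token_verified_at: Optional[float] = None  # time of last verified 2FA token


def login_requires_token(mode: TwoFactorMode) -> bool:
    """Only the 'every login' setting asks for the token when logging in."""
    return mode is TwoFactorMode.EVERY_LOGIN


def action_requires_token(session: Session, action: str,
                          now: Optional[float] = None) -> bool:
    """True when the action must be blocked until a fresh token is supplied."""
    now = time.time() if now is None else now
    if session.mode is not TwoFactorMode.ELEVATED_ONLY:
        # Disabled: never prompt. Every login: the token was given at login.
        return False
    if action not in RESTRICTED_ACTIONS:
        return False  # plain edits, talk pages: password login is enough
    if session.token_verified_at is None:
        return True
    return now - session.token_verified_at > STEP_UP_TTL_SECONDS


def record_token(session: Session, now: Optional[float] = None) -> None:
    """Call after the submitted 2FA code has been verified."""
    session.token_verified_at = time.time() if now is None else now
```

The check has to run server-side on every restricted request, including API calls, since hiding the prompt in the preferences dialog alone would leave the action reachable without the second factor.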