Improve user experience of Two-Factor process
Open, HighPublic
Actions

Assigned To

None

Authored By

	Parent5446
	May 25 2015, 9:58 PM

Related Objects
Search...

Status	Subtype	Assigned	Task
Open		None	T100375 Improve user experience of Two-Factor process
Stalled		None	T136383 Conduct usability survey of full two-factor authentication experience
Open		None	T124445 Design research support for two step authentication
Resolved		Tgr	T131359 Special:OATH QR-code mangles accents
Resolved		Dbrant	T150899 Support 2FA in Wikipedia Mobile applications
Resolved		Mhurd	T150699 [iOS] Allow users to log in with 2FA in the app
Resolved		None	T150985 Update login interface
Resolved		Mhurd	T154723 Update login screens text to support dynamic type
Duplicate		None	T154725 Update visual style of login flow for 5.0 and brand standards
Resolved		Mhurd	T154726 Allow users to reset their password
Resolved		Mhurd	T154727 Design/UX tweaks to login related errors
Resolved		Mhurd	T154728 Link to alternative account creation methods
Resolved		Mhurd	T154729 Use informative labels and placeholder text in login flow text entry fields
Resolved		Mhurd	T158142 Update styles for login and create account flows
Declined		None	T158253 Inline messaging triggers for password validation
Resolved		None	T158254 See if there is API support for determining if a username is already taken without actually submitting all required account creation fields (i.e. pwd, pwd confirmation, email)
Resolved		• Mholloway	T150900 [Android] Allow users to log in with 2FA in the app
Resolved		• Niedzielski	T150529 every edit save fails on 2.4.180-alpha-2016-11-10
Resolved		• Mholloway	T154414 every edit save fails, Invalid CSRF token
Open		None	T159470 Allow submitting a 2FA code along with initial login credential submission
Open		None	T159468 Ensure that the 2FA login interface accepts scratch codes
Resolved	BUG REPORT	None	T227925 Unable to log in to Android app with two-factor authentication (2FA)
Open		None	T180896 Allow functionaries to reset second factor on low-risk accounts
Resolved		Ladsgroup	T195207 Special page to disable OATH for other users
Open		None	T332385 Improve descriptions for our 2FA methods in 2FA management page
Open		None	T352856 Recovery code improvements
Open		Tgr	T245027 Enable downloading recovery codes for two-factor (TOTP)
Open		None	T234004 Add timestamp to recovery codes when displayed
Open		None	T131788 Users should be notified when only two recovery codes are left
Open		None	T150601 Add option to generate new set of recovery codes
Open		None	T232336 Separate recovery codes into a separate MFA method
Open		• taavi	T242031 Allow multiple different 2FA devices
Resolved		Reedy	T268564 Convert OATHAuth to AbstractSchema
Resolved		• taavi	T330502 Create oathauth_types and oathauth_devices tables
Resolved		• Marostegui	T348693 Drop oathauth_users table from production
Open		• taavi	T353962 Add new notifications for additional 2FA being enabled/disabled
Open		None	T194077 2FA should clarify O and 0s in recovery codes
Resolved		Reedy	T174937 Emphasise importance of recovery codes
Open		None	T158153 Consider changing recovery codes to use six digits
Resolved		Reedy	T150868 Expand recovery code instruction with advice to mark which codes you have used
Open		None	T354028 Add copy button to recovery codes page
Open		None	T354030 Allow viewing recovery codes again?
Resolved		Reedy	T354031 Rename scratch codes to recovery codes
Open		None	T354029 Add print button to recovery code page
Resolved		Reedy	T226059 oathauth-step1-test needs better example clients
Resolved		Reedy	T226060 oathauth/step2 and oathauth-step2alt layout and information

Event Timeline

Parent5446 created this task.May 25 2015, 9:58 PM

Parent5446 raised the priority of this task from to Needs Triage.

Parent5446 updated the task description. (Show Details)

Parent5446 added a project: MediaWiki-extensions-OATHAuth.

Parent5446 added subscribers: Parent5446, Aklapper.

Parent5446 moved this task from Backlog to Need for Deployment on the MediaWiki-extensions-OATHAuth board.May 25 2015, 10:02 PM

• dpatrick created subtask T136383: Conduct usability survey of full two-factor authentication experience.May 27 2016, 2:39 AM

• dpatrick renamed this task from Improve UI of all forms in the OATH process to Improve user experience of Two-Factor process.May 27 2016, 2:41 AM

• dpatrick added a subtask: T124445: Design research support for two step authentication.

• dpatrick set Security to None.

• dpatrick added a project: Security-Team.

• dpatrick moved this task from Incoming to Epics in progress on the Security-Team board.

• dpatrick added a subtask: T131788: Users should be notified when only two recovery codes are left.May 27 2016, 2:43 AM

• dpatrick added a subtask: T131359: Special:OATH QR-code mangles accents.

• dpatrick moved this task from Need for Deployment to In Progress on the MediaWiki-extensions-OATHAuth board.May 27 2016, 2:48 AM

Parent5446 moved this task from In Progress to User Experience on the MediaWiki-extensions-OATHAuth board.Jun 3 2016, 9:45 PM

Tgr closed subtask T131359: Special:OATH QR-code mangles accents as Resolved.Jun 13 2016, 9:46 AM

zhuyifei1999 subscribed.Oct 27 2016, 2:41 PM

Anomie mentioned this in T137805: API action=login is deprecated.Nov 10 2016, 4:19 PM

Huji subscribed.Nov 10 2016, 7:59 PM

• MZMcBride subscribed.Nov 12 2016, 11:36 PM

Xaosflux subscribed.Nov 13 2016, 1:50 AM

Poyekhali subscribed.Nov 13 2016, 2:59 AM

Troubled.asset subscribed.Nov 13 2016, 9:27 AM

Thibaut120094 subscribed.Nov 13 2016, 1:53 PM

Tgr added a subtask: T150899: Support 2FA in Wikipedia Mobile applications.Nov 17 2016, 5:16 AM

Description of the Github flow: https://help.github.com/articles/configuring-two-factor-authentication-via-a-totp-mobile-app/
Description of the Google flow: https://www.authy.com/tutorials/enable-2-step-verification-gmail/

Liuxinyu970226 subscribed.Mar 16 2017, 12:10 PM

I'd like we invest time for that. Currently, we're asking users to setup 2FA, and they do stupid stuff like wipe their phone.

I've just tested the GitHub flow, I got three strong hints I need to backup the codes: 1. web / setup 2 factor 2. web / immediately after 3. mail. It also offers SMS alternative, but this part is perhaps less important than secure the scratch codes, and SMS can't be considered as highly trustable,

Jeff_G subscribed.May 29 2017, 2:45 PM

Fae subscribed.May 30 2017, 9:37 AM

Niharika subscribed.Sep 5 2017, 7:57 PM

TheDJ added a subtask: T180896: Allow functionaries to reset second factor on low-risk accounts.Feb 1 2018, 8:57 AM

jrbs subscribed.Feb 1 2018, 6:35 PM

TerraCodes subscribed.Feb 26 2018, 9:47 AM

Tgr changed the status of subtask T180896: Allow functionaries to reset second factor on low-risk accounts from Open to Stalled.Mar 13 2018, 6:29 PM

• chasemp edited projects, added Security-team-backlog; removed Security-Team.Sep 4 2018, 3:25 PM

• chasemp edited projects, added Security-Team; removed Security-team-backlog.Dec 23 2019, 5:12 PM

• chasemp moved this task from Epics in progress to Back Orders on the Security-Team board.

Reedy edited projects, added Security; removed Security-Team.Nov 3 2021, 7:04 PM

TheresNoTime changed the status of subtask T180896: Allow functionaries to reset second factor on low-risk accounts from Stalled to Open.Sep 26 2022, 6:11 PM