Page MenuHomePhabricator

Enable BotPasswords (or similar feature) for web/interactive access
Open, Needs TriagePublic

Description

Hi,
I edit from public computers sometime. But this increase likehood of breaking into my account. As I hold advanced privilegies this can make huge damage which can't be easily reverted (bureaucrat+sysop rights) I wish to limit grants per used password. Yes, I have long, random and unique password, yes, I change it sometime, yes, I have enabled 2FA

Botpasswords was enabled recently. I'd like to have a similar feature which will allow me to generate/enter additional password for my account and I will be able to limit grants.

E.g. I login with Martin Urbanec as username and 123 as password, I will be able to do everything what my account allows me to do (currently bureaucrat and sysop rights). But when I login with Martin Urbanec as username and Test@987 as password, I will be able to do everything a normal user is (edit, move, etc.) or whatever I'll allow to do this another password.

Yes, I can create additional account but this don't allow me to access my watchlist, it count my public and private edits separatly etc.

Thank you for considering this feature-request.

Best,
Martin Urbanec

Event Timeline

Urbanecm created this task.Dec 16 2016, 1:50 PM
Restricted Application added a project: User-Urbanecm. · View Herald TranscriptDec 16 2016, 1:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Urbanecm moved this task from Backlog to Watching on the User-Urbanecm board.Dec 16 2016, 1:51 PM
Urbanecm updated the task description. (Show Details)Dec 20 2016, 11:59 AM
Urbanecm updated the task description. (Show Details)Feb 9 2017, 4:24 PM

May somebody have a look at this?

Any account can use bot passwords? There's no limitation that restricts it only to bots.

You didn't understand me. Yes, I can use botpassword but I mean new similar feature.

I want my account to have multiple passwords and limiting available grants per this password as in botpassword feature.

In another words: I can't create a botpassword and login by Special:Login with this botpassword.

And why? For increased security for example when editing from public computers without any other account.

Any chance to get this implemented sometime? ;)

In reading, this would basically be BotPasswords - but also allowing interactive WEB editing. Perhaps that could just be another grant on the exiting system?

Really looking forward to this being implemented in the future. It's quite a significant feature in terms of security and user experience. Thanks Xaosflux, for pointing me this page :)

Xaosflux renamed this task from Enable BotPasswords (or similar feature) for non-bot accounts to Enable BotPasswords (or similar feature) for web/interactive access.Feb 13 2018, 4:24 AM
Xaosflux added a subscriber: Tgr.

@Tgr - Would you mind commenting on the feasibility of this and/or if it fits a planned strategy (or if there is a competing strategy already?). Thank you.

Bot passwords were created specifically to circumvent security features that would cause problems for legacy bots (like 2FA or login notifications) so it makes little sense to use them for increased security. Also they are not really compatible with CentralAuth as each has its own session provider.

Hacking a botpassword-like feature on top of CentralAuth would not be too hard, as the core functionality is built into SessionManager; you'd only have to duplicate the bot password management UI and modify the login logic to handle the alternative password. It would be kind of inelegant though - limited-permission accounts have nothing to do with CentralAuth, it would make just as much sense to use them with the private wikis (core auth) or wikitech (LdapAuth). I'm not sure how one would go about adding that functionality in a way that's orthogonal to authentication and session providers.

Urbanecm moved this task from Watching to Created on the User-Urbanecm board.Apr 23 2018, 11:26 AM

If this is implemented as allowing botpasswords via web as well, why not, but then choosing own botpasswords will be a must. Otherwise, I'll have to open my password manager (LastPass) either on another computer I trust (why I'm editing on the public one then?) or on mobile or on the public computer itself (which will throw away almost any security improvement, because the keylogger can capture my LastPass password [or I can use one time login codes, that's why only almost] or simply download all my passwords since I'm authenticated). And even when using first two ways, I'd have to copy the bot password manually instead of clipboard or write it from my memory.

I really hope that none of this would be mandatory. I'm personally a fan of efficiency and proportionate security responses, of which this is not one.

@Ajraddatz my hopes would be that it would be like botpasswords, where basically you could log on with multiple passwords if you opt in to it, and when you opt in to it you can choose what access is available under your opt. You could lock certain passwords to certain IP's, make some edit-only, etc. Put everything entirely in control of the editor.

Krenair added a subscriber: Krenair.Jul 9 2018, 9:43 PM

Thanks. I have no concerns if this is left to individual users to decide what hoops they want to create for themselves.

Thank you @Xaosflux, {{support}}ed.

Tgr added a comment.Dec 1 2018, 6:56 AM

I have proposed sort of the reverse of this: T210909: Introduce secure mode to MediaWiki

I see those two tasks as separate and we can do both of them. I don't see those two tasks as reverse of each other.

stwalkerster added a subscriber: stwalkerster.