Allow all users on all wikis to use OATHAuth
Open, NormalPublic

Description

I thought we had a task for this, but I can't seem to find one...

We eventually want to enable OATHAuth on all wikis, for all users, pending a few usability improvements

Reedy created this task.May 30 2017, 9:16 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMay 30 2017, 9:16 PM
Reedy renamed this task from Deploy Extension OATHAuth to all wikis to Allow all users on all wikis to use OATHAuth.May 30 2017, 9:25 PM

Duh. Subject changed to mean what I actually meant

TheDJ added a subscriber: TheDJ.May 30 2017, 9:45 PM
Luke081515 added a subscriber: Luke081515.
Daylen added a subscriber: Daylen.Jul 18 2017, 5:03 AM
Sniper296 added a subscriber: Sniper296.

This should happen as soon as possible because everyone should be to have additional security on their account if they so desire

Wong128hk added a subscriber: Wong128hk.
jrbs moved this task from Backlog to Security/Abuse on the Trust-and-Safety board.
jrbs added a subscriber: jrbs.
jrbs added a subscriber: Jalexander.
Reedy added a comment.Thu, Dec 6, 8:34 AM

Ideally, IMHO, being able to do a device swap without disabling and re-enabling should be in there too (not sure where the task is for that straight off)

@Tgr and @Reedy, yep, this task is directly related to the #10 of #community-wishlist-survey-2019: 2FA available for all concerned editors

TheDJ added a comment.Thu, Dec 6, 12:49 PM

@Tgr I think in the past we also said that some UI and interface messaging rework was needed to make the steps more understandable, esp around the topic of scratchcodes.

sbassett added a comment.EditedThu, Dec 6, 4:01 PM

Trust-and-Safety might have some additional thoughts here, as they currently manage the operational work around OATHAuth. Though the tasks @Tgr mentioned (T166622#4802577) should alleviate most of their concerns, I'd imagine.

Tgr added a comment.Fri, Dec 7, 1:48 AM

Ideally, IMHO, being able to do a device swap without disabling and re-enabling should be in there too (not sure where the task is for that straight off)

I guess that's T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling? (that title is not super helpful)

@Tgr I think in the past we also said that some UI and interface messaging rework was needed to make the steps more understandable, esp around the topic of scratchcodes.

T150868: Expand scratch code instruction with advice to mark which codes you have used I guess?

Reedy added a comment.Fri, Dec 7, 6:27 AM

Ideally, IMHO, being able to do a device swap without disabling and re-enabling should be in there too (not sure where the task is for that straight off)

I guess that's T172079: Allow OATHAuth users with 2FA already enabled to add / switch devices without disabling? (that title is not super helpful)

I think so, title improved a little bit

Reedy added a comment.Fri, Dec 7, 6:38 AM

@Tgr and @Reedy, yep, this task is directly related to the #10 of #community-wishlist-survey-2019: 2FA available for all concerned editors

Actually implementing that task is easy (removing 10-15 lines from wmf-config)... It's the tasks mentioned above that need fixing first before we will do that

Tgr added a comment.Mon, Dec 10, 7:11 AM

This is not really blocked on forcing on anyone 2FA, so rearranged the dependency tree a bit.