Page MenuHomePhabricator

Disable OATH for Dodger67
Closed, ResolvedPublic

Description

Per T172079#3573986, @Dodger67 has lost access to his TOTP device and scratch codes at the same time, but can provisionally still post to Wikimedia sites and Phabricator from devices where he's already logged in.

There is no evidence of account compromise or loss of password.

Since OATH is still in opt-in trial mode, I suggest the best course of action for now is simply to have a dev disable his 2FA from the backstage.

Event Timeline

@deryckchan Thank you!!!! Thanks for understanding and getting to the point.

Reedy added a comment.Sep 4 2017, 2:03 PM

Since OATH is still in opt-in trial mode, I suggest the best course of action for now is simply to have a dev disable his 2FA from the backstage.

I'm not sure it's really a trial mode.. Sure, it's not compulsory... But that's for varying reasons :)

We get numerous of these sorts of requests, and there's repeatedly a discussion about how we verify identity etc. But in a lot of those cases, we don't have emails set, and they're currently logged out etc etc.

But yes, this is how it should have been requested, and that based on access is still available, we should be good to go ahead and disable on that basis

Unrelated to the MediaWiki-extensions-OATHAuth codebase, hence removing tag.

How soon can someone do this please?

jrbs added a comment.Sep 7 2017, 5:25 PM

Hi @Dodger67 - could you please email ca@wikimedia.org from the email attached to your Wikimedia account? Thanks!

jrbs claimed this task.Sep 7 2017, 5:26 PM
jrbs triaged this task as High priority.
jrbs moved this task from Backlog to Support on the Trust-and-Safety board.
jrbs closed this task as Resolved.Sep 7 2017, 6:30 PM

Thanks! @Dodger67, you should now be able to log in.

I referred to this as "trial" because, if I understood correctly, only
accounts with sysop or more advanced privileges are allowed to try OATH at
this stage.

Thanks! Problem solved.