Page MenuHomePhabricator
Create Task
Maniphest T174937

Emphasise importance of recovery codes
Closed, ResolvedPublic
Actions

Description

From T172079#3573986

In T172079#3573986, @Dodger67 wrote:

2FA was "sold" to me as an essential upgrade that all admins must have, but the "simple" page through which I got it, is seriously lacking sufficient detailed explanation and OBNOXIOUSLY LOUD warnings about the consequences of losing the keys.

https://en.wikipedia.org/wiki/Wikipedia:Simple_2FA#Emergency_tokens_:_IMPORTANT.2C_read_this

Details

SubjectRepoBranchLines +/-
TOTPEnableForm: Emphasise importance of recovery codesmediawiki/extensions/OATHAuthREL1_40+4 -1
TOTPEnableForm: Emphasise importance of recovery codesmediawiki/extensions/OATHAuthREL1_41+4 -1
TOTPEnableForm: Emphasise importance of recovery codesmediawiki/extensions/OATHAuthREL1_39+4 -1
TOTPEnableForm: Emphasise importance of recovery codesmediawiki/extensions/OATHAuthmaster+4 -1
en.json: Improve oathauth-scratchtokensmediawiki/extensions/OATHAuthREL1_41+1 -1
en.json: Improve oathauth-scratchtokensmediawiki/extensions/OATHAuthREL1_40+1 -1
en.json: Improve oathauth-scratchtokensmediawiki/extensions/OATHAuthREL1_39+1 -1
en.json: Improve oathauth-scratchtokensmediawiki/extensions/OATHAuthmaster+1 -1
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 OpenNoneT100375 Improve user experience of Two-Factor process
 OpenNoneT352856 Recovery code improvements
 ResolvedReedyT174937 Emphasise importance of recovery codes

Event Timeline

Reedy created this task.Sep 4 2017, 1:49 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 4 2017, 1:49 PM
mxn subscribed.Nov 6 2017, 6:22 AM
Lars.Dormans subscribed.Mar 11 2018, 7:59 PM

Give users a prompt on a timer stating users should save their backup codes or like i do for some of my applications only allow them to continue the 2FA setup if you detect they pressed the download button
Also dont forget to give massive warning texts they should be big and bold so users notice them and dont spam next

srodlund moved this task from Backlog to Completed, Blocked, Wrong Category, Refinement Needed, or Older Needs Review on the Documentation board.Aug 17 2018, 5:46 PM
Reedy moved this task from Backlog to User Experience on the MediaWiki-extensions-OATHAuth board.Jul 5 2019, 10:00 PM
Reedy triaged this task as High priority.Sep 10 2019, 7:29 PM
Reedy added a parent task: T352856: Recovery code improvements.Dec 6 2023, 12:44 PM
Reedy added a comment.Dec 26 2023, 9:58 PM

This is what we do...

Screenshot 2023-12-26 at 21.57.43.png (81×2 px, 26 KB)

vs what GitHub do...

Screenshot 2023-12-26 at 21.57.28.png (410×627 px, 61 KB)

gerritbot added a comment.Dec 26 2023, 10:06 PM

Change 985932 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@master] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985932

gerritbot added a project: Patch-For-Review.Dec 26 2023, 10:06 PM

Change 985933 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@master] WIP: TOTPEnableForm: Emphasise importance of scratch tokens

https://gerrit.wikimedia.org/r/985933

Reedy added a comment.Dec 26 2023, 10:45 PM

Maybe we should steal GitHub's suggestion of where to save them too...

gerritbot added a comment.Dec 27 2023, 2:46 AM

Change 985932 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985932

ReleaseTaggerBot added a project: MW-1.42-notes (1.42.0-wmf.12; 2024-01-02).Dec 27 2023, 3:00 AM
gerritbot added a comment.Dec 27 2023, 2:42 PM

Change 985402 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_39] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985402

gerritbot added a comment.Dec 27 2023, 2:42 PM

Change 985403 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_40] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985403

gerritbot added a comment.Dec 27 2023, 2:43 PM

Change 985404 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_41] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985404

gerritbot added a comment.Dec 27 2023, 2:47 PM

Change 985402 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_39] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985402

gerritbot added a comment.Dec 27 2023, 2:48 PM

Change 985403 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_40] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985403

gerritbot added a comment.Dec 27 2023, 2:48 PM

Change 985404 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_41] en.json: Improve oathauth-scratchtokens

https://gerrit.wikimedia.org/r/985404

Reedy renamed this task from Emphasise importance of scratch tokens to Emphasise importance of recovery codes.Jan 1 2024, 8:50 PM
gerritbot added a comment.Jan 11 2024, 2:22 PM

Change 985933 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@master] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/985933

gerritbot added a comment.Jan 11 2024, 2:23 PM

Change 989867 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_41] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989867

gerritbot added a comment.Jan 11 2024, 2:23 PM

Change 989868 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_40] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989868

gerritbot added a comment.Jan 11 2024, 2:23 PM

Change 989869 had a related patch set uploaded (by Reedy; author: Reedy):

[mediawiki/extensions/OATHAuth@REL1_39] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989869

gerritbot added a comment.Jan 11 2024, 2:39 PM

Change 989869 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_39] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989869

gerritbot added a comment.Jan 11 2024, 2:41 PM

Change 989867 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_41] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989867

gerritbot added a comment.Jan 11 2024, 2:41 PM

Change 989868 merged by jenkins-bot:

[mediawiki/extensions/OATHAuth@REL1_40] TOTPEnableForm: Emphasise importance of recovery codes

https://gerrit.wikimedia.org/r/989868

ReleaseTaggerBot edited projects, added MW-1.42-notes (1.42.0-wmf.14; 2024-01-16); removed MW-1.42-notes (1.42.0-wmf.12; 2024-01-02).Jan 11 2024, 3:00 PM
Maintenance_bot removed a project: Patch-For-Review.Jan 11 2024, 3:31 PM
Reedy closed this task as Resolved.Jan 11 2024, 3:37 PM
Reedy claimed this task.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits