Page MenuHomePhabricator

Expand the access to 2FA on fawiki
Open, LowPublic

Description

Currently, two-factor authentication is only available to a limited set of user groups on fawiki (checkusers, oversighters, bureaucrats, sysops, eliminators), although I actually cannot find where in InitialiseSettings.php that restriction is specified.

I would like to request this to be expanded to the following user groups as well:

  • rollbacker
  • extendedconfirmed
  • templateeditor

These groups include users that are either very senior, or have high trust of the community, or both, and because of their access/seniority, are often highly respected. Highly respected users at fawiki tend to be the target of trolls trying to hack into their accounts (some of them receive 10s of failed login attempt notifications every day). To have the piece of mind of 2FA can be beneficial to these groups.

Event Timeline

These are configured in here in InitialiseSettings.php.

Farsi Wikipedia already allows templateeditor users to use 2FA ('+fawiki' => [ 'templateeditor' ],) so you can expand that line to add rollbackers and extendedconfirmed and that will let them enable 2FA on their accounts.

However please make sure that the users understand the consequences of enabling 2FA with regards to the scratch codes and the authentication device. Make sure they understand that they need to keep the scratch codes in a safe place, etc. It is unlikely that Trust-and-Safety will be doing 2FA resets for large numbers of accounts.

@MarcoAurelio I will create a detailed Help page on fawiki first, so that users are aware of the process and the consequences. Then I will submit a patch to add those two groups.

Huji triaged this task as Low priority.

Change 392224 had a related patch set uploaded (by Huji; owner: Huji):
[operations/mediawiki-config@master] Expand the access to 2FA on fawiki

https://gerrit.wikimedia.org/r/392224

I updated https://fa.wikipedia.org/wiki/ویکی‌پدیا:اعتبارسنجی_دومرحله‌ای to include warnings about the case where a user with 2FA would lose their access to the token generating app. I also submitted a patch. Once approve, I will make an announcement on fawiki, reminding the users about which groups have been added and a reference to the cautionary words

Dereckson added a subscriber: Dereckson.

Pinging Trust-and-Safety to notify we increase the probability of reset requests.

Security-Team you're fine with such community requests to adapt target user groups?

https://quarry.wmflabs.org/query/23119 shows the current size of various user groups in fawiki. This request is adding ~800 new members to the 2FA group. Currently, we only have ~40 users with 2FA access at fawiki. It is expected that most of the 800 new users will not use 2FA for now, but still it is fair to assume that the number of people using 2FA at fawiki at least doubles in the short term.

Can I remind Security-Team to take a look at this and either approve or deny?

In my humble opinion, the biggest bottleneck here is increase in number of requests of 2FA reset. I can help Su&Sa with both communication and technical matters. I know a little bit about social engineering and keep that in mind in resetting anyone's 2FA (I also know most prominent users in person, that makes things easier). I hope @Jalexander is fine with it.

Security-wise, it doesn't seem so much of a hassle, specially since we have rather special situation with Persian Wikipedia, it increases security and safety of the users in the real world.

Can I remind Security-Team to take a look at this and either approve or deny?

Our biggest concern is handling the increased volume of reset requests (along with the fact that procedures about reset requests are bit missing). If SuSa is ok with handling that (big if. I have no idea what their opinion is on this), then I don't think Security-Team has any objections to this request.

Reiterating the concerns of T180648#3766136 in fine which are shared by @Ladsgroup and @Bawolff as well. I understand Trust-and-Safety has been doing efforts in resetting 2FA from established accounts, but it is unlikely that they will continue to do so on other accounts; with the result of having accounts locked forever.

If SuSa is ok with handling that (big if. I have no idea what their opinion is on this), then I don't think Security-Team has any objections to this request.

I'd have to check with my manager. I've unofficially taken this workflow from James since it was pretty infrequent, we'd need to speak about it were that to change.

Change 392224 abandoned by Huji:
Expand the access to 2FA on fawiki

Reason:
Requires approval by the WMF Security Team first.

https://gerrit.wikimedia.org/r/392224

Just an update on this. Support and Safety is in theory very much in support of expanding 2FA to more communities, but currently we are not in the position to support the expected large increase in reset requests.

We need to work toward a sustainable solution to this aspect of 2FA, whatever that may be, before expanding it so widely.

Removing task assignee due to inactivity, as this open task has been assigned to the same person for more than two years (see the emails sent to the task assignee on Oct27 and Nov23). Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be welcome.
(See https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator.)