Page MenuHomePhabricator

Enable 2FA normal login
Open, HighPublic


Currently accounts that use 2FA security can't get login with PWB on the wiki without using other type of authentication such as BotPasswords or OAuth.

if you enable two-factor authentication[1] on the bot's account, Special:UserLogin will return a second page asking for the second factor and action=clientlogin will return a response with a similar request, while action=login will just fail.

So in theory it can be possible to use action=clientlogin to perform an authentication with 2FA.

See the related task for Huggle software and the research made : T180279: Enable 2FA normal login

Event Timeline

@Anomie, Is there any way to simulate/force an OpenID/Captcha authentication process for testing purposes or any wiki which we can test this on?

If you fail 3 logins on a WMF wiki, I believe it'll send a captcha for additional attempts from that IP or username.

If you set up your own wiki to test things on, you can configure things however you like.

Xqt triaged this task as High priority.Aug 19 2020, 2:25 AM

This is a different task