
Make some providers optional for reauthentication
Open, Needs Triage, Public

Description

We require reauthentication for security-sensitive operations; that gets annoying if we use it for a lot of things, and extra annoying for people who have more secure logins (e.g. long random passwords they need to look up in a password manager, or two-factor authentication). We should make it possible for providers to act differently during reauthentication (some ideas here) and make reauthentication shorter:

  • no need for login captcha (where enabled)
  • maybe no need for second factor?
  • or maybe when there is a second factor no need for the password?

See also:

Event Timeline

Tgr created this task. Jun 13 2018, 5:09 PM
Restricted Application added a subscriber: Aklapper. Jun 13 2018, 5:09 PM
Rxy added a subscriber: Rxy. Jun 13 2018, 7:58 PM
Vvjjkkii renamed this task from Make some providers optional for reauthentication to u2aaaaaaaa. Jul 1 2018, 1:04 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description.
Vvjjkkii removed a subscriber: Aklapper.
Ankry renamed this task from u2aaaaaaaa to Make some providers optional for reauthentication. Jul 1 2018, 4:22 PM
Ankry raised the priority of this task from High to Needs Triage.
Ankry updated the task description.
Ankry added a subscriber: Aklapper.
He7d3r added a subscriber: He7d3r. Aug 13 2018, 11:38 AM

Change 471664 had a related patch set uploaded (by Gergő Tisza; owner: Gergő Tisza):
[mediawiki/core@master] [WIP] AuthManager: Modify security level handling

https://gerrit.wikimedia.org/r/471664

Tgr moved this task from Backlog to Next on the User-Tgr board. Feb 23 2019, 7:19 AM