Page MenuHomePhabricator

Disable Wikitech 2FA for user Kelson
Closed, ResolvedPublic


I try to connect to with my WM login "Kelson"... but the login page keeps asking me about a token (after user/pws have been given) I have basically no clue about. Could someone change my settings to avoid this?

Event Timeline

Kelson created this task.Aug 27 2018, 9:06 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 27 2018, 9:06 AM

What makes you think that you are "unable to connect" and that it is "because of unknown token"?
If there is an error message, please provide the error message.

@Aklapper I have no token and if I give a random string it says "Verification failed".

@Kelson it is asking for your 2-Factor Authentication token. You probably used Authy or Google Authenticator or similar?

Kelson added a comment.EditedAug 28 2018, 5:21 AM

@Quiddity No, I use my Wikimedia/Wikipedia password. Whatever I use, I do not want that. How to deactivate the 2-factor authentication?

@Quiddity No, I use my Wikimedia/Wikipedia password. Whatever I use, I do not want that. How to deactivate the 2-factor authentication?

Wikitech is not part of the Wikimedia SUL wikis, so you might (should!) have a different password here.
If it is asking for a Token (like in this screenshot) then that is because you have setup 2FA in the past.
It is impossible to complete the setup process without confirming it, using an initial authentication code, so you should have something! :-) (I.e. if you don't have 2FA on your SUL-account (which as a sysop you should), then you can see the 4 step signup process at [[Special:Two-factor_authentication]] - step 4 requires a verification code)
It is a very very good idea to use 2FA, for best practices in security, (especially if you ever re-use passwords ;-) and especially on any accounts which have advanced user-rights.
To de-activate 2FA, you need the "Scratch codes" that it gave you when you signed up for it. (There is a complicated override, but hopefully the details above will help instead.)

Kelson added a comment.EditedAug 28 2018, 6:55 PM

I do not have setup 2FA in the past and if Id it was inadvertently. I'm not interested in this level of security for wikitech. I for sure do not have complete any 2FA setup and do not have any scratch codes in my email box. I simply did not want this and still do not want this.

So now only two solutions:

  • You enforce the 2FA and assume it and provide me the necessary material to complete it.
  • You let people free to chose their level of security and then please reconfigure my account to a normal authentication

I need quite urgently this access to edit and keep access to the VMs I administrate.

bd808 added a subscriber: bd808.Aug 28 2018, 7:17 PM

@Kelson your Wikitech user account does have 2FA enabled. The table that tracks this preference doesn't store a date stamp, so I can't say exactly when you enabled it. One reason that you may have done so is that using to manage virtual machine instances requires the use of 2FA.

We can follow the process from to remove your current 2FA protection. The easiest way to verify your identity for this request is for you to ssh into and create a file in your home directory (/home/kelson) that references this phabricator ticket. Ping me back here after you have done that and I can complete the steps needed to disable 2FA for your wikitech account. You can then login to wikitech and decide if you would like to renable 2FA or not.

bd808 renamed this task from Unable to connect to because of unknown token to Disable Wikitech 2FA for user Kelson.Aug 28 2018, 7:17 PM
bd808 triaged this task as Medium priority.
bd808 edited projects, added cloud-services-team (Kanban); removed cloud-services-team.
bd808 added a subscriber: Andrew.Sep 4 2018, 3:48 PM

@bd808 Thx. Done at /home/kelson/T202877.

bd808 closed this task as Resolved.Sep 12 2018, 2:31 PM
bd808 claimed this task.
$ ssh
$ mwscript extensions/OATHAuth/maintenance/disableOATHAuthForUser.php --wiki=labswiki Kelson
OATHAuth disabled for Kelson.

@bd808 Thx, works fine now.