bureaucrat (can grant anyone including themselves interface-admin, on meta also centralnoticeadmin)
checkuser (can perform checks which expose potentially user identifying information)
oversighter (can view oversighted revisions which can contain user identifying information)
import (can use XML import thus make whatever mess of the wiki like importing edits made in the future and what not)

I do not pretend to have the suggestion list complete. A review of all existing groups should be made, this should include some custom groups, and possibly some of them should have 2FA requirement added.

[1] https://meta.wikimedia.org/wiki/Special_global_permissions
[2] https://meta.wikimedia.org/wiki/Global_sysops
[3] https://meta.wikimedia.org/wiki/Interface_administrators
[4] https://meta.wikimedia.org/wiki/Stewards
[5] https://meta.wikimedia.org/wiki/Meta:Central_notice_administrators
[6] https://meta.wikimedia.org/wiki/Meta:WMF_Support_and_Safety

Related Objects
Search...

Status	Assigned	Task
		Restricted Task
Open	None	T150898 Force OATHAuth (2FA) for certain user groups in Wikimedia production and Beta wikis
		Restricted Task
Resolved	mszwarc	T222118 Review list of groups for which 2FA is a requirement

Event Timeline

Base created this task.Apr 29 2019, 10:43 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 29 2019, 10:43 PM

Base added projects: acl*stewards, Trust-and-Safety.Apr 29 2019, 10:45 PM

Base changed the visibility from "Custom Policy" to "Custom Policy".

alaa subscribed.Apr 30 2019, 12:51 AM

sbassett triaged this task as Medium priority.Apr 30 2019, 5:44 PM

sbassett added subscribers: sbassett, Bawolff, Reedy, • chasemp.

Trijnstel subscribed.May 5 2019, 11:02 AM

jrbs moved this task from Backlog to Support on the Trust-and-Safety board.Jul 1 2019, 10:46 PM

jrbs moved this task from Support to 2FA (backlog) on the Trust-and-Safety board.Aug 20 2019, 8:35 AM

Reedy added a subscriber: DannyS712.Jan 13 2020, 11:30 PM

revi edited projects, added: Stewards-and-global-tools; removed: acl*stewards.Feb 5 2020, 2:28 PM

• chasemp added a project: Security.Feb 10 2020, 10:57 PM

• chasemp removed a project: acl*security.Feb 20 2020, 8:06 PM

What has to be done to speed things up? Is there something one can help with? From T242555 I suspect that the bottleneck is the communication burden. Is that the case?

I would assume Trust-and-Safety would need to first prioritize such a project, as it's still sitting within their backlog.

Zabe subscribed.Jul 14 2022, 7:21 PM

Johannnes89 subscribed.May 25 2024, 12:09 PM

Tgr added a parent task: T150898: Force OATHAuth (2FA) for certain user groups in Wikimedia production and Beta wikis.Mar 29 2025, 3:36 PM

Aklapper added a parent task: Restricted Task.May 17 2025, 9:04 AM

OKryva-WMF edited projects, added: Product Safety and Integrity; removed: Trust-and-Safety.Sep 26 2025, 2:04 PM

OKryva-WMF moved this task from Inbox to Triaged (backlog) on the Product Safety and Integrity board.

OKryva-WMF edited projects, added: Trust-and-Safety; removed: Product Safety and Integrity.Sep 26 2025, 3:17 PM

sgrabarczuk subscribed.Feb 10 2026, 2:21 PM

Closing this as resolved – as part of the current work on 2FA enforcement from local and global groups, a broader list of 26 groups to require 2FA from was published on: https://meta.wikimedia.org/wiki/Mandatory_two-factor_authentication_for_users_with_some_extended_rights

sbassett added a project: SecTeam-Processed.May 5 2026, 1:13 PM

sbassett changed the visibility from "Custom Policy" to "Public (No Login Required)".

sbassett removed a subscriber: • chasemp.

Review list of groups for which 2FA is a requirementClosed, ResolvedPublicActions

Description

Related ObjectsSearch...

Event Timeline

Review list of groups for which 2FA is a requirement
Closed, ResolvedPublic
Actions

Related Objects
Search...