Page MenuHomePhabricator
Create Task
Maniphest T228208

Add 2FA to new website
Open, Needs TriagePublic
Actions

Description

Task
We should enable 2FA for our wordpress site. https://www.wpwhitesecurity.com/best-two-factor-authentication-plugins-wordpress/ lists a few free such plugins.

Since we all have Google Authenticator installed for 2FA elsewhere we should probably go with that one.

We want to manually set this as required for all Administrators and likely also all "redaktör"

What's been done

  • Evelina has installed Two-Factor, a plugin for two factor authentication.
    • One of the options for 2FA is Google Authenticator.
    • Another option is to get a code to your email address.
  • Evelina has enabled 2FA via e-mail for all administrators and editors.
  • Evelina has sent an e-mail about this to the staff.

How to change from 2FA via email to Google Authenticator

  1. Log on to your account (wikimedia.se/login) and go to your profile.
  2. Scroll to Two-Factor Options and uncheck Email.
  3. Check Time Based One-Time Password (Google Authenticator).
  4. Scan the QR code with your Google Authenticator app.

Related Objects
Search...

StatusSubtypeAssignedTask
 Resolved Evelina-Bang-WMSET204632 New wikimedia.se
 OpenNoneT228208 Add 2FA to new website

Event Timeline

Evelina-Bang-WMSE updated the task description. (Show Details)Aug 28 2019, 1:14 PM
Evelina-Bang-WMSE updated the task description. (Show Details)
Lokal_Profil added a comment.Sep 11 2019, 8:58 AM

@Evelina-Bang-WMSE I sent out a reminder to the 4 users who have yet to switch

Lokal_Profil added a comment.Sep 11 2019, 9:00 AM

@Evelina-Bang-WMSE We should document the above steps somewhere (on wiki). Probably linked from any info about adding a new employee as a user.

Lokal_Profil moved this task from Backlog to Watching on the User-LokalProfil board.Sep 11 2019, 9:00 AM
Lokal_Profil moved this task from Backlog to In progress on the WMSE (IT) board.
Lokal_Profil added a comment.Sep 23 2019, 8:47 AM
In T228208#5482300, @Lokal_Profil wrote:

@Evelina-Bang-WMSE I sent out a reminder to the 4 users who have yet to switch

I pinged the 3 people left to do this

Evelina-Bang-WMSE added a comment.Oct 29 2019, 8:28 AM
In T228208#5482307, @Lokal_Profil wrote:

@Evelina-Bang-WMSE We should document the above steps somewhere (on wiki). Probably linked from any info about adding a new employee as a user.

I've added a step about creating a user account for the website and activating 2FA to the new employeer checklist. I don't think the exact clicks you need to use to activate 2FA are necessary to document.

Lokal_Profil moved this task from Watching to This week on the User-LokalProfil board.Jan 17 2020, 8:01 AM

I'll follow up on the status of this again and ping any stragglers

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL