Reset my 2FA on this Phab account
Closed, Resolved, Public

Description

I've been going between devices because my original 2FA device became waterlogged. Unfortunately, I forgot to reset the 2FA on this account. Fortunately, my session is still active, but I am unable to replace the old 2FA secret with a new one.

Can someone please reset it? Similar to the InternetArchiveBot issue from a week ago. See T230773

Event Timeline

Cyberpower678 updated the task description.
Cyberpower678 moved this task from Backlog to 2FA (requests) on the Trust-and-Safety board.

Hey again - would you be able to email ca@wikimedia.org from the email address on your account (again)? Thanks :)

I’ll do one better, I’ll forward the email of your email. :-)

Hello Cyberpower678,

We have disabled the 2-factor authentication for the account
User:Cyberpower678. Could you check whether you can login again and let us
know?

Cheers,
Samuel

2FA is still active on my Phabricator.

Oh wait. You disabled my Wikipedia 2FA. I wanted my Phabricator 2FA disabled.

> Oh wait. You disabled my Wikipedia 2FA. I wanted my Phabricator 2FA disabled.

Ah, easy mistake to make :) We (T&S) do not generally handle Phabricator 2FA. I'd like to ping @bd808 as a Phab admin who might be able to look at this.

> I'd like to ping @bd808 as a Phab admin who might be able to look at this.

Revoking Phabricator 2FA requires shell access that I do not have. I will keep the ping train going however by adding @Aklapper and @mmodell who do have all the necessary permissions to verify the request and ultimately revoke the current 2FA tokens for @Cyberpower678

@Cyberpower678: The procedure involves confirming your wiki identity via a private paste
see https://www.mediawiki.org/wiki/Phabricator/Help/Two-factor_Authentication_Resets

So I've created a private paste here: P9005

Please edit the paste and add your identity hash, I'll compare it and then remove your TOTP 2nd factor from phabricator.

> @Cyberpower678: The procedure involves confirming your wiki identity via a private paste
> see https://www.mediawiki.org/wiki/Phabricator/Help/Two-factor_Authentication_Resets
>
> So I've created a private paste here: P9005
>
> Please edit the paste and add your identity hash, I'll compare it and then remove your TOTP 2nd factor from phabricator.

So we have a problem. The flash drive that actually had my paragraph long rant, that feeds into the hash, doesn't actually power on anymore. I guess age killed it. Obviously, that means I need to change my hash now. **** me.

Damn, what a pain, I wish there was an easier process for this.

> Damn, what a pain, I wish there was an easier process for this.

I am SOOOOOO sorry about this. If I had scratch codes, I'd be using those.

I have 2FA enabled and my identity recently confirmed multiple times on Wikipedia, most recently on this very thread. Can I just post a 2FA reset confirm post on my talk page?

@Cyberpower678 can create a file in home in his toolforge account (he has LDAP connected to Phabricator account, so it's clear the accounts are both his), do an edit somewhere to confirm this or we can ask him for confirmation via IRC PM (it's common knowledge who owns the account there, and he has a cloak anyway). Besides, he is still logged in, so it's not a big problem. Plenty of ways to verify Cyberpower's request :). At worst, Cyberpower can have a quick videoconference with someone who recognizes him in person :).

I believe the rationale is to verify the identity somehow, not to require hash and only hash.

Cyberpower should change the hash anyway :D.

The procedure linked says "Contact a Phabricator admin who knows your face [to verify the request]". I'm not a Phabricator admin, but I saw Cyberpower at Wikimania Hackathon, and I still recall his face. I'm willing to confirm his request via videoconference if it is needed.

> @Cyberpower678 can create a file in home in his toolforge account (he has LDAP connected to Phabricator account, so it's clear the accounts are both his), do an edit somewhere to confirm this or we can ask him for confirmation via IRC PM (it's common knowledge who owns the account there, and he has a cloak anyway). Besides, he is still logged in, so it's not a big problem. Plenty of ways to verify Cyberpower's request :). At worst, Cyberpower can have a quick videoconference with someone who recognizes him in person :).
>
> I believe the rationale is to verify the identity somehow, not to require hash and only hash.
>
> Cyberpower should change the hash anyway :D.

Didn't we meet at Wikimania? :-) I will be happy to do any of those methods. Just tell me what to do to verify my identity, other than a hash. (New hash is going into my keychain this time). My hash predates my password vault.

We did, "someone" includes me :P. Let me know if my help is needed.

Welp my phone got logged out somehow. So now I only have one device left with an active Phab session going.

@Cyberpower678 check your irc bouncer and/or Telegram client for an invite from me to do a video confirmation. :)

@revi and @MF-Warburg met at Wikimania too. They know my face too.

> @Cyberpower678 check your irc bouncer and/or Telegram client for an invite from me to do a video confirmation. :)

Got it

@mmodell I just did a video call with the human entity I know to be @Cyberpower678 and they confirmed this request by reciting the task number to me. If you would like to verify I am who you think I am, pm me a google meet link on Freenode.

I'm still in Germany, so I will be going to bed now. :-). Thanks @bd808

For standard unprivileged Phab accounts it does seem a bit over the top.

Ok I'll reset the account, sorry for the delay @Cyberpower678

> For standard unprivileged Phab accounts it does seem a bit over the top.

Agreed (and offtopic here). Anyone having an idea for a better venue?