Page MenuHomePhabricator

Give the rights to enable 2FA to users in autoreview and patroller group in Turkish Wikipedia
Open, LowPublic

Description

Hello. As per this community consensus took place in Village Pump, we request you to let our patrollers and autoreviewed users enable 2FA for their own accounts. As we only have 370 patrollers and 1.329 (more than 4/5 of them seems to be inactive) users with autoreview flag, we thought that there will be no big burden for the servers. After all, our users would like to contribute to the testing process of 2FA, and since it's optional, I predict that not more than 1/10 of our patrollers & autoreviewed users will enable it, so that won't make it a big deal for the servers. I'm an interface admin, I already have 2FA enabled as the foundation forces me to do so, and I can say that IMO, it runs pretty stable. So why shouldn't we allow our users to raise their accounts' security level?

Turkish Wikipedians will be waiting for your response, have a nice day :)

Event Timeline

RhinosF1 added a subscriber: RhinosF1.

tagging T&S seen as they handle 2FA resets to see if they are happy with this

Urbanecm added a subscriber: Urbanecm.

I'd like to link T180648 here, which is a similar task from the past, and includes users of similar trust level.

Generally speaking, our biggest concern is two factor authentication resets, which needs to be done very carefully, and the identity of the user in question needs to be verified by reliable methods. That can be very hard (next to impossible) to do for users who aren't well known by the the international community, which is likely the case for autopatrolled users.

However, please keep in mind I'm not a T&S specialist, and this comment serves only to present context for everyone involved.

@Urbanecm, then, what if we expand it just to patrollers? that makes 370 people in total, and I'm pretty sure most of them won't even attempt to enable 2FA.

Suggest a decline on this, as support for 2FA is still quite low - if someone really wants to test it they can go get rubber stamped at metawiki

@Evrifaessa any special reason why these rather light-weight access groups would need this, in light of the large lack of support for this feature and the existing opt-in that can already be used?

@Evrifaessa any special reason why these rather light-weight access groups would need this, in light of the large lack of support for this feature and the existing opt-in that can already be used?

@Xaosflux. no, we don't have any special reasons behind. But it's easy to predict that the feature will surely eventually expand to everyone in the future, and devs need to do wider tests after all. They have to start somewhere, and we thought that we could be eligible to become a pilot wiki for this.

Even niche projects like meta-wiki got turned down for self-service during recent RfCs, mostly due to lack of a support process on 2FA.