Page MenuHomePhabricator
Create Task
Maniphest T55195

OATH token input should be on a separate page
Closed, ResolvedPublic
Actions

Description

Having the input on the login page makes it confusing to users since most don't even know what two factor authentication is. I'm willing to bet more than one person will try and type their password into it.

Basically there should be a configuration option like in Extension:TwoFactorAuthentication that allows moving the token input to a different page (like how Google, Facebook, etc. does it) and the user only sees it if they have it enabled for their account.

Note that in Extension:TwoFactoryAuthentication, this is done in a ambivalent method that doesn't reveal if you got the password or the token wrong. In other words, if you type an incorrect password, it still takes you to the token page.

Version: master
Severity: enhancement

Details

Reference
bz53195

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Needs Triage.Nov 22 2014, 2:08 AM
bzimport added a project: MediaWiki-extensions-OATHAuth.
bzimport set Reference to bz53195.
Parent5446 created this task.Aug 22 2013, 3:21 AM
gerritbot added a comment.May 27 2014, 6:09 PM

Change 135597 had a related patch set uploaded by Parent5446:
Move token login to separate page

https://gerrit.wikimedia.org/r/135597

Aklapper removed RyanLane as the assignee of this task.Apr 26 2015, 12:11 PM
Parent5446 moved this task from Backlog to In Progress on the MediaWiki-extensions-OATHAuth board.May 23 2015, 2:57 PM
Parent5446 claimed this task.May 23 2015, 4:02 PM
csteipp added a parent task: T107605: Support two-factor authentication on CentralAuth wikis.Mar 24 2016, 5:42 PM
csteipp added a project: Security-Team.Mar 24 2016, 6:18 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 24 2016, 6:18 PM
csteipp moved this task from Incoming to In Progress on the Security-Team board.Mar 24 2016, 6:19 PM
zhuyifei1999 subscribed.Mar 29 2016, 3:05 AM
gerritbot subscribed.Mar 31 2016, 4:31 AM

Change 135597 merged by jenkins-bot:
Move token login to separate page

https://gerrit.wikimedia.org/r/135597

gerritbot added a comment.Mar 31 2016, 2:56 PM

Change 280672 had a related patch set uploaded (by CSteipp):
Move token login to separate page

https://gerrit.wikimedia.org/r/280672

gerritbot added a comment.Mar 31 2016, 11:02 PM

Change 280672 merged by jenkins-bot:
Move token login to separate page

https://gerrit.wikimedia.org/r/280672

csteipp closed this task as Resolved.Apr 7 2016, 12:08 AM
csteipp subscribed.

This is now deployed on wikitech, and no reports of breakage. I think we can call it done.

sbassett moved this task from In Progress to Our Part Is Done on the Security-Team board.Jun 11 2019, 6:06 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL