
OATH token input should be on a separate page
Closed, Resolved, Public

Description

Having the input on the login page makes it confusing to users since most don't even know what two factor authentication is. I'm willing to bet more than one person will try and type their password into it.

Basically there should be a configuration option like in Extension:TwoFactorAuthentication that allows moving the token input to a different page (like how Google, Facebook, etc. do it) and the user only sees it if they have it enabled for their account.

Note that in Extension:TwoFactorAuthentication, this is done in an ambivalent method that doesn't reveal if you got the password or the token wrong. In other words, if you type an incorrect password, it still takes you to the token page.


Version: master
Severity: enhancement
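
The two-step flow described above, as an added Python example (not code from this task or from either extension): the password verdict is kept server-side and only a single generic failure is returned after the token step. The account store, function names and login handle are assumptions made for illustration, and the sample credentials are constructed.

```python
import hashlib, hmac, secrets, struct, time

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), one kind of OATH token."""
    mac = hmac.new(secret, struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pw_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample store: username -> (salt, password hash, TOTP secret or None)
_SALT = b"constructed-salt"
USERS = {
    "alice": (_SALT, pw_hash("correct horse", _SALT), b"constructed-totp-secret"),
    "bob": (_SALT, pw_hash("hunter2", _SALT), None),  # 2FA not enabled
}
PENDING = {}  # server-side only: login handle -> (username, password_ok)

def submit_password(username: str, password: str):
    """Step 1. Returns ("token_page", handle), ("logged_in", None) or ("failed", None)."""
    salt, stored, secret = USERS.get(username, (_SALT, b"", None))
    ok = hmac.compare_digest(pw_hash(password, salt), stored)
    if secret is None:  # account without 2FA: ordinary one-step login
        return ("logged_in", None) if ok else ("failed", None)
    handle = secrets.token_urlsafe(16)
    PENDING[handle] = (username, ok)  # verdict is remembered, never shown
    return ("token_page", handle)     # same response for right and wrong password

def submit_token(handle: str, token: str, now: float = None) -> str:
    """Step 2. One generic failure covers bad password, bad token and bad handle."""
    username, password_ok = PENDING.pop(handle, (None, False))  # single use
    if username is None:
        return "failed"
    expected = totp(USERS[username][2], time.time() if now is None else now)
    token_ok = hmac.compare_digest(expected.encode(), token.encode())
    return "logged_in" if (password_ok and token_ok) else "failed"
```

Because accounts without 2FA skip the token page, the step-1 response still shows whether a username has 2FA enabled; only the password verdict is hidden.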

Details

Reference
bz53195

Event Timeline

bzimport raised the priority of this task from to Needs Triage. Nov 22 2014, 2:08 AM
bzimport set Reference to bz53195.

Change 135597 had a related patch set uploaded by Parent5446:
Move token login to separate page

https://gerrit.wikimedia.org/r/135597

Aklapper removed RyanLane as the assignee of this task. Apr 26 2015, 12:11 PM
Restricted Application added a subscriber: Aklapper. Mar 24 2016, 6:18 PM
csteipp moved this task from Backlog to In Progress on the Security-Team board. Mar 24 2016, 6:19 PM

Change 135597 merged by jenkins-bot:
Move token login to separate page

https://gerrit.wikimedia.org/r/135597

Change 280672 had a related patch set uploaded (by CSteipp):
Move token login to separate page

https://gerrit.wikimedia.org/r/280672

Change 280672 merged by jenkins-bot:
Move token login to separate page

https://gerrit.wikimedia.org/r/280672

csteipp closed this task as Resolved. Apr 7 2016, 12:08 AM
csteipp added a subscriber: csteipp.

This is now deployed on wikitech, and no reports of breakage. I think we can call it done.

sbassett moved this task from In Progress to Done on the Security-Team board. Jun 11 2019, 6:06 PM