
Please remove the two-factor authentication from my Phabricator account
Closed, Resolved (Public)

Description

I bricked my phone a while ago, losing my two-factor authentication tokens. I can still access Phabricator through the active session on my computer, but nowhere else. I made a request that the authentication be removed on IRC a month earlier, which Quiddity helpfully responded to and emailed two ops, qgil and andre. Unfortunately, I haven't heard from them since. Could anyone kindly help?

Event Timeline

Maniphest changed the visibility from "Public (No Login Required)" to "Custom Policy". (Jan 24 2015, 2:50 AM)
Maniphest changed the edit policy from "All Users" to "Custom Policy".
zhaofengli updated the task description.
zhaofengli added projects: Phabricator, WMF-NDA.
zhaofengli changed Security from None to Other confidential issue.
zhaofengli edited subscribers, added: zhaofengli; removed: Aklapper.
Aklapper renamed this task from Please remove the two-factor authentication from my account to Please remove the two-factor authentication from my Phabricator account. (Jan 24 2015, 5:50 AM)
Aklapper triaged this task as Low priority.
Aklapper removed a project: WMF-NDA.
Aklapper changed the visibility from "Custom Policy" to "Public (No Login Required)".
Aklapper changed the edit policy from "Custom Policy" to "All Users".
Aklapper changed Security from Other confidential issue to None.

I am sorry for not following up on this earlier.

There are currently no guidelines on this (T85706) and how we could verify the request.
Was the one-time token displayed to you, and did you archive that token?

No, I didn't see any one-time token when activating the feature. I can provide my committed identity on my enwiki user page (at the bottom) to prove my identity.

If using the committed identity is acceptable, how can I send you the source text in a secure way?

Ping @Aklapper and @chasemp (Just making sure this one doesn't fall off your radar :)

I'm not really sure what to do here. If @zhaofengli can demonstrate to @Aklapper's satisfaction then I'm ok with wiping the two-factor requirement (since @Aklapper is wiser in the ways of this than I).

Pardon my missing technical knowledge, being someone who does not use modern mobile phones to do stuff on the internet.

If using the committed identity is acceptable, how can I send you the source text in a secure way?

What is "the source text" in this context? The token? I simply wonder if it's anything that is also stored somewhere(TM) in Phabricator and that we could compare with. But right now I do not even have an idea how to use two-factor auth in Phab with my mobile phone at all.

Ah, so apparently there is a "user committed identity" template at the bottom of user pages.
Valhalla was kind enough to explain to me on IRC how things are supposed to work in this century.

<valhallasw`cloud> basically, zhaofeng would tell you what the secret string is, you'd SHA-512 that and compare, and that would tell you you're talking to the right person

@zhaofengli, could you please

  • go to https://phabricator.wikimedia.org/paste/create/
  • click on "Visible To: Public (No Login Required)"
  • click "Custom Policy" in the dropdown
  • under "Allow users", enter the usernames: Aklapper, chasemp
  • click "Save Policy"
  • click on "Editable By: All Users"
  • click "Custom Policy" in the dropdown
  • under "Allow users", enter the usernames: Aklapper, chasemp
  • click "Save Policy"
  • paste the text
  • click "Create Paste"
  • Paste the P number (something like P987654) here

@zhaofengli: Thanks! The sha256sum result of that string fits, so the identity is correct.

@chasemp: Still I'm clueless what needs to be done now server-side to wipe it.
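
The committed-identity check discussed in this thread (hash the revealed secret string and compare it with the digest published on the user page), as an added example that is not part of the original task or of any participant's comment. The function names, the UTF-8 encoding and the sample secret are assumptions constructed for illustration; the hash algorithm is inferred from the length of the published hex digest, and a trailing newline picked up through copy/paste is tolerated.

```python
import hashlib
import hmac

# Hex digest length -> algorithm (assumption: the commitment is published as a hex digest).
ALGO_BY_HEX_LEN = {64: "sha256", 96: "sha384", 128: "sha512"}


def commit(secret, algo="sha512"):
    """What the account owner publishes in advance: the hex digest of a secret string."""
    return hashlib.new(algo, secret.encode("utf-8")).hexdigest()


def verify_committed_identity(published_hex, revealed_secret):
    """Return (matched, algorithm, note) for a revealed secret against a published digest."""
    # Normalise the published value: drop whitespace and line wraps, lowercase the hex.
    published = "".join(published_hex.split()).lower()
    algo = ALGO_BY_HEX_LEN.get(len(published))
    if algo is None or any(c not in "0123456789abcdef" for c in published):
        return (False, None, "published value is not a recognised hex digest")

    # Pastes and `echo` often add or drop a final newline, which changes the digest.
    candidates = [
        ("exact", revealed_secret),
        ("trailing newline stripped", revealed_secret.rstrip("\r\n")),
        ("trailing newline added", revealed_secret + "\n"),
    ]
    for note, text in candidates:
        digest = commit(text, algo)
        # Constant-time comparison of the two hex strings.
        if hmac.compare_digest(digest, published):
            return (True, algo, note)
    return (False, algo, "no match")


if __name__ == "__main__":
    # Constructed sample data, not taken from the task.
    secret = "constructed example secret: reach me at owner@example.org, 2015"
    published = commit(secret, "sha512")
    print(verify_committed_identity(published, secret + "\n"))
    print(verify_committed_identity(published, "some other string"))
```

A match shows only that the requester knows the committed secret, so the secret should travel over a restricted channel such as the custom-policy paste described above.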