Page MenuHomePhabricator
People TheGreatGreenStar

TheGreatGreenStar (GreenStar)
User

Projects

User does not belong to any projects.

Calendar

Today

  • No visible events.

Tomorrow

  • No visible events.

Friday

  • No visible events.

User Details

User Since
Jul 18 2025, 1:49 AM (30 w, 5 d)
Availability
Available
LDAP User
Unknown
MediaWiki User
TheGreatGreenStar [ Global Accounts ]

Recent Activity
View All

Jul 18 2025

TheGreatGreenStar added a comment to T321708: MediaWiki should support passwordless login with passkeys.

Regarding the line

Someone needs to decide first whether we want to push forward at all. Arguably the technology is not that mature yet (see e.g. https://arstechnica.com/security/2024/12/passkey-technology-is-elegant-but-its-most-definitely-not-usable-security/ or this recent vulnerability) and used on few other large websites.

That number has increased as according to findings from the FIDO Alliance, 48% of the world’s top 100 websites
have already integrated passkey support. (https://fidoalliance.org/wp-content/uploads/2025/04/World-Password-Day-2025-Final.pdf)
We can also see that many companies are actively working to increase passkey adoption and usage including amazon, Microsoft and google: https://fidoalliance.org/passkeypledge/#See-Who-Has-Signed-the-Pledge

Jul 18 2025, 11:50 AM · User-notice, Patch-For-Review, MediaWiki-Platform-Team, FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support), MediaWiki-extensions-OATHAuth, MediaWiki-User-login-and-signup, MediaWiki-Core-AuthManager
TheGreatGreenStar added a comment to T399917: Passkey Endpoints Well-Known URL.

I accidentally copied name from wrong downstream feature request. Fixed.

Jul 18 2025, 2:27 AM · MediaWiki-extensions-OATHAuth, affects-Miraheze
TheGreatGreenStar renamed T399917: Passkey Endpoints Well-Known URL from Webauthn upgrade from 2FA to Passkeys for Passwordless to Passkey Endpoints Well-Known URL.
Jul 18 2025, 2:26 AM · MediaWiki-extensions-OATHAuth, affects-Miraheze
TheGreatGreenStar added a subtask for T321708: MediaWiki should support passwordless login with passkeys: T399917: Passkey Endpoints Well-Known URL.
Jul 18 2025, 2:21 AM · User-notice, Patch-For-Review, MediaWiki-Platform-Team, FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support), MediaWiki-extensions-OATHAuth, MediaWiki-User-login-and-signup, MediaWiki-Core-AuthManager
TheGreatGreenStar added a parent task for T399917: Passkey Endpoints Well-Known URL: T321708: MediaWiki should support passwordless login with passkeys.
Jul 18 2025, 2:21 AM · MediaWiki-extensions-OATHAuth, affects-Miraheze
TheGreatGreenStar created T399917: Passkey Endpoints Well-Known URL.
Jul 18 2025, 2:20 AM · MediaWiki-extensions-OATHAuth, affects-Miraheze
TheGreatGreenStar added a comment to T321708: MediaWiki should support passwordless login with passkeys.

Regarding recovery, perhaps to go fully passwordless users could be required to either have at least 2 passkeys OR one synced passkey (if we can detect this). If a user only has 1 local-bound passkey it should still bypass password but login via password + 2fa could still be possible to prevent lockout.
Alternatively passwordless with only 1 passkey regardless of type could be allowed BUT users then would be required to verify saving recovery codes by using one upon creation of their first passkey to ensure a recovery method.

Jul 18 2025, 2:07 AM · User-notice, Patch-For-Review, MediaWiki-Platform-Team, FY2025-26 WE 4.6 - Account Security (WE 4.6.4 - 2FA improvements and passkey support), MediaWiki-extensions-OATHAuth, MediaWiki-User-login-and-signup, MediaWiki-Core-AuthManager
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits