Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted two-factor authentication app
I agree there are issues, and the help files would need a lot more work before a wider roll-out. The current advice[1] is too open-ended, and many users randomly searching for two-factor authentication apps (or browser plug-ins) will end up using Google's, or a supplier with no track record, or even some other app with commercial adverts.
Open source solutions are around, like Authy[2] (which is what I'm using). There is nothing to stop the WMF from hosting a build using current open source code, and even making it available on Google Play, with the option of customizing it in useful ways later on. For these reasons I've kicked off the task above for the WMF to consider hosting an app.
Links:
1. https://meta.wikimedia.org/wiki/Help:Two-factor_authentication
2. https://github.com/authy
On 14 November 2016 at 08:05, Gnangarra gnangarra@gmail.com wrote:
I see this as not solving problems but creating barriers to participation:
- one is the complexity of the process (https://meta.wikimedia.org/wiki/Help:Two-factor_authentication): the more complicated the systems, the more opportunity for failures, more points of access where data can be compromised, and, on the flip side, the easier it is for people to be locked out;
- it's using a 3rd party, no matter how good the system of the third party is. Why should I be using anything other than the WMF system to log in? My connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party? Regardless of which third party is used, they need to know your user details to complete the loop in the authentication;
- an authentication app is just inviting people to attempt to compromise the account, as you have already given them part of the process should you lose your device.
What I see could be a technical benefit has a dark side, that is, enabling additional parties to monitor our activities, even compromise them. I think that "security" card is being played poorly here, as anonymity in editing is something we have always respected, and the 3rd party participation in authentication appears to be stripping that away. Google and like-minded commercial companies only provide these free tools to gather data for their own internal uses, to enable them to better target the advertising that they sell.
On 14 November 2016 at 08:10, Craig Franklin cfranklin@halonetwork.net wrote:
This is really excellent. Thankyou!
Cheers, Craig
On 13 November 2016 at 01:46, Steinsplitter Wiki <steinsplitter@wikipedia.de> wrote:
https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Two-Factor_Authentication_now_available_for_admins
From: Wikimedia-l wikimedia-l-bounces@lists.wikimedia.org on behalf of Amir Ladsgroup ladsgroup@gmail.com
Sent: Saturday, 12 November 2016 15:37
To: Wikimedia Mailing List
Subject: Re: [Wikimedia-l] How should security of Wikimedia accounts be better?
Emphasizing this part of my message: "'Google Authenticator' *or similar ones.*"
On Sat, Nov 12, 2016 at 6:04 PM Vi to vituzzu.wiki@gmail.com wrote:
Actually I consider the Google account linked to my mobile phone to be sensitive :|
Also lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
There is no need to store a phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to log in, you need to give username, password and a short-lived token the app gives you. See this for more details:
March/000104.html
On Sat, Nov 12, 2016 at 5:38 PM Fæ faewik@gmail.com wrote:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can be set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF-implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
On 12 November 2016 at 13:53, Vi to vituzzu.wiki@gmail.com wrote:
My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
> As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
>
> I emphasized having 2fa for CUs, oversights and others with private data access: https://phabricator.wikimedia.org/T107605#2570342
> Not sure what's blocking this.
>
> Best
>
> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfranklin@halonetwork.net> wrote:
> > I know it's been said many times, but two-factor authentication, mandatory for accounts with advanced privileges and optionally available for everyone else, would seem to be a logical step. It's not foolproof, but it would go a long way to making us less of a soft target.
> >
> > Cheers,
> > Craig
> >
> > On 12 November 2016 at 22:22, Fæ faewik@gmail.com wrote:
> > > Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?
> > >
> > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the process appearing to promote an organisation.[1] It was not the only account compromised. This is being analysed, though as there are security issues being examined, the analysis has not been made public so far; plus it's the weekend :-)
> > >
> > > Over the last few years, there have been improvements on account set-up and choice of passwords, along with user suggestions for better account management. Users can also choose to use committed identities[2] to make account recovery easier, and are encouraged to use more secure passwords. Two-factor authentication,[3] such as using mobile phone text messages, has been suggested a few times by volunteers, and this might be a good moment to encourage the WMF to have better facilities built into the projects. We could even make two-factor identification a requirement for trusted users, such as administrators, important bots, and "high profile" accounts, where they may have special rights that could cause a fair amount of disruption if a hacked account were not identified quickly. Considering that some administrator accounts can lie dormant for many months without the actual user monitoring it, these could end up being far more disruptive than well-watched accounts like Jimmy's.
> > >
> > > We may want extra security to remain mostly optional, keeping our projects simple to access. Education of new volunteers and trusted users may be critical for making it effective, such as avoiding social hacking. A clearer understanding of what the community would want to see improved would probably help set development priorities.
> > >
> > > Links
> > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
> > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity
> > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication
> > >
> > > Thanks,
> > > Fae
> > > --
> > > faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
> > >
> > > _______________________________________________
> > > Wikimedia-l mailing list, guidelines at:
> > > wiki/Mailing_lists/Guidelines
> > > New messages to: Wikimedia-l@lists.wikimedia.org
> > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l,
> > > <mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe>
--
faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
--
GN.
President Wikimedia Australia
WMAU: http://www.wikimedia.org.au/wiki/User:Gnangarra
Photo Gallery: http://gnangarra.redbubble.com