At a glance I don't see any way to avoid storing numbers somewhere. Other solutions would be physically sent card/tokens (more secure, less cheap, more privacy concerns) or "display once and print" cards with randomly generated numbers to use as 2nd factor (less secure, *so* cheap, no privacy concerns).
Anyway we should provide a set of 2FA methods: 2FA with mobile numbers is great for people being not privacy-paranoid (like me).
Vito
2016-11-12 15:08 GMT+01:00 Fæ faewik@gmail.com:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
On 12 November 2016 at 13:53, Vi to vituzzu.wiki@gmail.com wrote:
My phone number is something I consider highly sensitive. Linking this
kind
of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.
org/T107605
I emphasized on having 2fa for CUs, oversights and others with private
data
access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's blocking this.
Best
On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <
cfranklin@halonetwork.net>
wrote:
I know it's been said many times, but two-factor authentication,
mandatory
for accounts with advanced privileges and optionally available for
everyone
else, would seem to be a logical step. It's not foolproof, but it
would
go
a long way to making us less of a soft target.
Cheers, Craig
On 12 November 2016 at 22:22, Fæ faewik@gmail.com wrote:
Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?
Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the process appearing to promote an organisation.[1] It was not the only account compromised. This is being analysed, though as there are security issues being examined, the analysis has not been made
public
so far; plus it's the weekend :-)
Over the last few years, there have improvements on account set-up
and
choice of passwords, along with user suggestions for better account management. Users can also chose to use committed identities[2] to make account recovery easier, and are encouraged to use more secure passwords. Two-factor authentication,[3] such as using mobile phone text messages, has been suggested a few times by volunteers, and
this
might be a good moment to encourage the WMF to have better
facilities
built into the projects. We could even make two-factor
identification
a requirement for trusted users, such as administrators, important bots, and "high profile" accounts, where they may have special
rights
that could cause a fair amount of disruption if a hacked account
were
not identified quickly. Considering that some administrator accounts can lie dormant for many months without the actual user monitoring
it,
these could end up being far more disruptive than well-watched accounts like Jimmy's.
We may want extra security to remain mostly optional, keeping our projects simple to access. Education of new volunteers and trusted users may be critical for making it effective, such as avoiding
social
hacking. A clearer understanding of what the community would want to see improved would probably help set development priorities.
Links
- https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
- https://en.wikipedia.org/wiki/Template:Committed_identity
- https://en.wikipedia.org/wiki/Multi-factor_authentication
Thanks, Fae -- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
Wikimedia-l mailing list, guidelines at:
wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/
mailman/listinfo/wikimedia-l,
<mailto:wikimedia-l-request@lists.wikimedia.org?subject=
unsubscribe>
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l
,
mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
-- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe