Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?
Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the process appearing to promote an organisation.[1] It was not the only account compromised. This is being analysed, though as there are security issues being examined, the analysis has not been made public so far; plus it's the weekend :-)
Over the last few years, there have been improvements on account set-up and choice of passwords, along with user suggestions for better account management. Users can also choose to use committed identities[2] to make account recovery easier, and are encouraged to use more secure passwords. Two-factor authentication,[3] such as using mobile phone text messages, has been suggested a few times by volunteers, and this might be a good moment to encourage the WMF to have better facilities built into the projects. We could even make two-factor identification a requirement for trusted users, such as administrators, important bots, and "high profile" accounts, where they may have special rights that could cause a fair amount of disruption if a hacked account were not identified quickly. Considering that some administrator accounts can lie dormant for many months without the actual user monitoring it, these could end up being far more disruptive than well-watched accounts like Jimmy's.
We may want extra security to remain mostly optional, keeping our projects simple to access. Education of new volunteers and trusted users may be critical for making it effective, such as avoiding social hacking. A clearer understanding of what the community would want to see improved would probably help set development priorities.
Links
1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised
2. https://en.wikipedia.org/wiki/Template:Committed_identity
3. https://en.wikipedia.org/wiki/Multi-factor_authentication
Thanks, Fae
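The committed identity mentioned in [2] is a hash commitment: the user hashes a secret string and posts only the digest on their user page; if the account is ever lost, revealing the string lets anyone recompute the digest and confirm that the claimant is the same person who posted it. The Python below is an added illustration written for this thread, not code from the Committed identity template or from MediaWiki; the SHA-512 default, the sample note text and the nonce length are assumptions. It also shows the caveat that matters in practice: a guessable string can be brute-forced offline from the public digest, which is why a random component belongs in the string.

```python
import hashlib
import hmac
import secrets


def make_commitment(secret_string: str, algorithm: str = "sha512") -> str:
    """What the user computes once and posts publicly: the hex digest of a
    secret string. The string itself stays private, kept off-wiki.
    SHA-512 as the default is an assumption for this example."""
    return hashlib.new(algorithm, secret_string.encode("utf-8")).hexdigest()


def verify_commitment(revealed: str, published_digest: str,
                      algorithm: str = "sha512") -> bool:
    """What anyone can do later: recompute the digest of the string the
    claimant reveals and compare it with the digest that has been on the
    user page all along. compare_digest avoids timing leaks, which is
    cheap insurance even though the digest here is public."""
    return hmac.compare_digest(make_commitment(revealed, algorithm),
                               published_digest.lower())


def new_secret_string(personal_note: str, nonce_bytes: int = 16) -> str:
    """A commitment is only as strong as the entropy of the string behind it.
    Public facts (name, birthday, e-mail) are guessable; appending a random
    nonce makes offline guessing infeasible. The user still has to keep the
    whole string somewhere safe, since it cannot be reconstructed."""
    return f"{personal_note} nonce={secrets.token_hex(nonce_bytes)}"


def guess_commitment(published_digest: str, candidates, algorithm: str = "sha512"):
    """The attack a weak commitment invites: the digest is public, so anyone
    can hash candidate strings offline at full speed. Returns the matching
    candidate, or None when no candidate hashes to the published digest."""
    target = published_digest.lower()
    for candidate in candidates:
        if make_commitment(candidate, algorithm) == target:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample data: a weak string and a nonce-strengthened one.
    weak = "Example User, born 1 January 1970"
    strong = new_secret_string(weak)
    weak_digest, strong_digest = make_commitment(weak), make_commitment(strong)
    guesses = ["Example User", weak, "Example User, born 1970"]
    print("weak string recovered:", guess_commitment(weak_digest, guesses))
    print("strong string recovered:", guess_commitment(strong_digest, guesses))
    print("owner can still prove it:", verify_commitment(strong, strong_digest))
```

Only the digest ever goes on the wiki; the nonce is what makes the published digest useless to anyone who does not hold the full string.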
I know it's been said many times, but two-factor authentication, mandatory for accounts with advanced privileges and optionally available for everyone else, would seem to be a logical step. It's not foolproof, but it would go a long way to making us less of a soft target.
Cheers, Craig
On 12 November 2016 at 22:22, Fæ faewik@gmail.com wrote:
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
I emphasized having 2FA for CUs, oversighters and others with private data access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's blocking this.
Best
On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin cfranklin@halonetwork.net wrote:
My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can be set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
On 12 November 2016 at 13:53, Vi to vituzzu.wiki@gmail.com wrote:
There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to login, you need to give username, password and a short-lived token the app gives you. See this for more details: https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
On Sat, Nov 12, 2016 at 5:38 PM Fæ faewik@gmail.com wrote:
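Amir's description above (install an authenticator app, scan a QR code once, then type the short-lived code at each login) is the RFC 6238 TOTP scheme. The Python below is an added example written for this thread, not the code MediaWiki uses; the account and issuer names are made up. It shows what the QR code actually carries, how the app derives the code from the shared secret and the clock alone (no phone number, no Google account and no network access are involved, which answers Vito's concern), and how a server should verify the code with a small clock-skew window and protection against replaying a code that was already accepted. The RFC 4226 and RFC 6238 test vectors give a way to check the arithmetic.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import urllib.parse

PERIOD = 30   # seconds per time step (RFC 6238 default)
DIGITS = 6    # length of the code the app displays


def generate_secret(nbytes: int = 20) -> str:
    """Server side, at enrolment: a fresh random shared secret (160 bits),
    base32-encoded because that is the form the otpauth:// QR code carries."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode("ascii")


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """The otpauth:// URI that the enrolment page renders as a QR code. It holds
    only the shared secret and the algorithm parameters; scanning it is the
    whole enrolment, so no phone number or e-mail address is involved."""
    label = urllib.parse.quote(f"{issuer}:{account}", safe=":")
    query = urllib.parse.urlencode({"secret": secret_b32, "issuer": issuer,
                                    "algorithm": "SHA1", "digits": DIGITS,
                                    "period": PERIOD})
    return f"otpauth://totp/{label}?{query}"


def hotp(secret_b32: str, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then the
    'dynamic truncation' that picks 31 bits from the MAC and reduces them mod 10^digits."""
    key = base64.b32decode(secret_b32, casefold=True)
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: str, unix_time: int, digits: int = DIGITS,
         period: int = PERIOD) -> str:
    """RFC 6238 TOTP: HOTP with the counter taken from the clock. This is all the
    app computes; it needs the secret and the time, nothing else."""
    return hotp(secret_b32, unix_time // period, digits)


def verify_totp(secret_b32: str, submitted: str, unix_time: int,
                last_counter: int = -1, window: int = 1):
    """Server side, at login: accept a code for the current step or up to
    `window` steps either side (clock skew), but never for a step at or before
    the last step already used by this account, so a code captured from one
    login cannot be replayed. Returns the accepted counter, or None."""
    submitted = submitted.strip().replace(" ", "")
    current = unix_time // PERIOD
    for step in range(-window, window + 1):
        counter = current + step
        if counter <= last_counter:
            continue
        if hmac.compare_digest(hotp(secret_b32, counter), submitted):
            return counter
    return None


if __name__ == "__main__":
    # Constructed demo: enrol a hypothetical admin account, then log in twice.
    import time
    secret = generate_secret()
    print(provisioning_uri(secret, "ExampleAdmin", "Wikipedia"))
    now = int(time.time())
    code = totp(secret, now)                    # what the app would display
    used = verify_totp(secret, code, now)       # first login: accepted
    print("accepted counter:", used)
    print("replay accepted:", verify_totp(secret, code, now + 5, last_counter=used))
```

The server keeps two things per account: the base32 secret (encrypted at rest, since whoever reads it can mint codes) and the last accepted counter. A phone, a desktop app or this script on any machine with a correct clock can play the role of the authenticator, which is why the scheme does not depend on a particular device vendor.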
Actually I consider the Google account linked to my mobile phone to be sensitive :|
Also, lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
Emphasizing this part of my message: "'Google Authenticator' *or similar ones.*"
On Sat, Nov 12, 2016 at 6:04 PM Vi to vituzzu.wiki@gmail.com wrote:
Actually I consider to be sensitive the google account linked to my mobile phone :|
also lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to login, you need to give username, password and a short-lived token the app gives you. See this for more details:
https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
On Sat, Nov 12, 2016 at 5:38 PM Fæ faewik@gmail.com wrote:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
On 12 November 2016 at 13:53, Vi to vituzzu.wiki@gmail.com wrote:
My phone number is something I consider highly sensitive. Linking this
kind
of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
As far as I know 2FA is already implemented and mandatory for WMF
staff
accounts and wikitech accounts. https://phabricator.wikimedia.
org/T107605
I emphasized on having 2fa for CUs, oversights and others with private
data
access: https://phabricator.wikimedia.org/T107605#2570342 Not sure what's blocking this.
Best
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Two-Fa...
From: Wikimedia-l wikimedia-l-bounces@lists.wikimedia.org on behalf of Amir Ladsgroup ladsgroup@gmail.com Sent: Saturday, 12 November 2016 15:37 To: Wikimedia Mailing List Subject: Re: [Wikimedia-l] How should security of Wikimedia accounts be better?
Emphasizing this part of my message: "'Google Authenticator' *or similar ones.*"
On Sat, Nov 12, 2016 at 6:04 PM Vi to vituzzu.wiki@gmail.com wrote:
Actually, I consider the Google account linked to my mobile phone to be sensitive :|
Also, lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
There is no need to store a phone number at all. You need to install an app called "Google Authenticator" or a similar one. Then you scan a QR code from a special page in Wikipedia. Then every time you want to log in, you need to give username, password and a short-lived token the app gives you. See this for more details:
https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
On Sat, Nov 12, 2016 at 5:38 PM Fæ faewik@gmail.com wrote:
Good point, Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can be set up so that mobile numbers are *guaranteed* never to be logged or archived and are only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers who are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
This is really excellent. Thank you!
Cheers, Craig
On 13 November 2016 at 01:46, Steinsplitter Wiki steinsplitter@wikipedia.de wrote:
https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_noticeboard#Two-Factor_Authentication_now_available_for_admins
I see this as not solving problems but creating barriers to participation:
- One is the complexity of the process (https://meta.wikimedia.org/wiki/Help:Two-factor_authentication). The more complicated the systems, the more opportunity for failures and more points of access where data can be compromised, and, on the flip side, the easier it is for people to be locked out.
- It's using a 3rd party. No matter how good the system of the third party, why should I be using anything other than the WMF system to log in? My connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party? Regardless of which third party is used, they need to know your user details to complete the loop in the authentication.
- An authentication app is just inviting people to attempt to compromise the account, as you have already given them part of the process should you lose your device.
What I see could be a technical benefit has a dark side: it enables additional parties to monitor our activities, even compromise them. I think the "security" card is being played poorly here, as anonymity in editing is something we have always respected, and the 3rd-party participation in authentication appears to be stripping that away. Google and like-minded commercial companies only provide these free tools to gather data for their own internal uses, to enable them to better target the advertising that they sell.
On 14 November 2016 at 08:10, Craig Franklin cfranklin@halonetwork.net wrote:
This is really excellent. Thank you!
Cheers, Craig
Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted two-factor authentication app
I agree there are issues, and the help files would need a lot more work before a wider roll-out. The current advice[1] is too open-ended, and many users randomly searching for two-factor authentication apps (or browser plug-ins) will end up using Google's, or a supplier with no track record, or even some other app with commercial adverts.
Open source solutions are around, like Authy[2] (which is what I'm using). There is nothing to stop the WMF from hosting a build using current open source code, and even making it available on Google Play, with the option of customizing it in useful ways later on. For these reasons I've kicked off the task above for the WMF to consider hosting an app.
Links: 1. https://meta.wikimedia.org/wiki/Help:Two-factor_authentication 2. https://github.com/authy
On 14 November 2016 at 08:05, Gnangarra gnangarra@gmail.com wrote:
I see this as not solving problems but creating barriers to participation
- one is the complexity of the process
https://meta.wikimedia.org/wiki/Help:Two-factor_authentication the more complicated the systems the more opportunity for failures, more points of access where data can be compromised, and the flip side the easier it is for people to be locked out,
- its using 3rd party, no matter how good the system of the third party
why should I be using anything other than the WMF system to login, my connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party regardless of which third party used they need to know your user details to complete the loop in the authentication .
- an authentication app is just inviting people to attempt to compromise
the account as you have already given them part of the process should you lose your device
What I see could be a technical benefit has a dark side that is enabling additional parties to monitor our activities even compromise them. I think that "security" card is being played poorly here as anonymity in editing is something we have always respected the 3rd party participation in authentication appears to be stripping that away. Google and like minded commercial companies only provide these free tools to gather data for their own internal uses to enable them to better target the advertising that they sell.
On 14 November 2016 at 08:10, Craig Franklin cfranklin@halonetwork.net wrote:
This is really excellent. Thankyou!
Cheers, Craig
On 13 November 2016 at 01:46, Steinsplitter Wiki < steinsplitter@wikipedia.de
wrote:
https://en.wikipedia.org/wiki/Wikipedia:Administrators%27_ noticeboard#Two-Factor_Authentication_now_available_for_admins
Von: Wikimedia-l wikimedia-l-bounces@lists.wikimedia.org im Auftrag
von
Amir Ladsgroup ladsgroup@gmail.com Gesendet: Samstag, 12. November 2016 15:37 An: Wikimedia Mailing List Betreff: Re: [Wikimedia-l] How should security of Wikimedia accounts be better?
Emphasizing on this part of my message: "'Google Authenticator' *or
similar
ones.*"
On Sat, Nov 12, 2016 at 6:04 PM Vi to vituzzu.wiki@gmail.com wrote:
Actually I consider to be sensitive the google account linked to my
mobile
phone :|
also lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar
ones.
Then you scan a QR code from a special page in Wikipedia. Then every
time
you want to login, you need to give username, password and a
short-lived
token the app gives you. See this for more details:
March/000104.html
On Sat, Nov 12, 2016 at 5:38 PM Fæ faewik@gmail.com wrote:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can be set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
On 12 November 2016 at 13:53, Vi to vituzzu.wiki@gmail.com wrote:
My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me.
Vito
2016-11-12 13:37 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
> As far as I know 2FA is already implemented and mandatory for WMF staff accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605
> I emphasized on having 2fa for CUs, oversights and others with private data access: https://phabricator.wikimedia.org/T107605#2570342
> Not sure what's blocking this.
> Best
> On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfranklin@halonetwork.net> wrote:
--
GN.
President Wikimedia Australia
WMAU: http://www.wikimedia.org.au/wiki/User:Gnangarra
Photo Gallery: http://gnangarra.redbubble.com
_______________________________________________
Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines
New messages to: Wikimedia-l@lists.wikimedia.org
Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, mailto:wikimedia-l-request@lists.wikimedia.org?subject=unsubscribe
Reinventing the wheel is not a good idea; choosing an existing and active open source project and taking part in its development is cheaper and more sustainable. Phabricator is a good example.
Vito
2016-11-14 11:45 GMT+01:00 Fæ faewik@gmail.com:
Task: https://phabricator.wikimedia.org/T150646 - A Wikimedia hosted two-factor authentication app
I agree there are issues, and the help files would need a lot more work before a wider roll-out. The current advice[1] is too open-ended, and many users randomly searching for two-factor authentication apps (or browser plug-ins) will end up using Google's, or a supplier with no track record, or even some other app with commercial adverts.
Open source solutions are around, like Authy[2] (which is what I'm using). There is nothing to stop the WMF from hosting a build using current open source code, and even making it available on Google Play, with the option of customizing it in useful ways later on. For these reasons I've kicked off the task above for the WMF to consider hosting an app.
Links:
On 14 November 2016 at 08:05, Gnangarra gnangarra@gmail.com wrote:
I see this as not solving problems but creating barriers to participation:
- one is the complexity of the process https://meta.wikimedia.org/wiki/Help:Two-factor_authentication ; the more complicated the system, the more opportunity for failures, more points of access where data can be compromised, and on the flip side, the easier it is for people to be locked out,
- it's using a 3rd party; no matter how good the system of the third party, why should I be using anything other than the WMF system to login? My connection is with the WMF. Who is responsible if the connection is compromised or my data misused by the third party? Regardless of which third party is used, they need to know your user details to complete the loop in the authentication.
- an authentication app is just inviting people to attempt to compromise the account, as you have already given them part of the process should you lose your device.
What I see could be a technical benefit has a dark side: it is enabling additional parties to monitor our activities, or even compromise them. I think that the "security" card is being played poorly here, as anonymity in editing is something we have always respected; 3rd party participation in authentication appears to be stripping that away. Google and like-minded commercial companies only provide these free tools to gather data for their own internal uses, to enable them to better target the advertising that they sell.
-- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae Personal and confidential, please do not circulate or re-quote.
I believe you can find some 2FA application that isn't affiliated with Google (actually the Google Authenticator app doesn't require a Google account to be linked. Tested on iOS and Android.)
Also, some desktop applications (i.e. 1password*) are 2FA compatible.
* Not Free/Open Source Software.
--
Yongmin H.
Sent from my iPhone
Please note that this address is a list-only address and any non-mailing list mails will be treated as spam. Please use https://encrypt.to/0x947f156f16250de39788c3c35b625da5beff197a.
On 2016. 11. 12. 23:34, Vi to vituzzu.wiki@gmail.com wrote:
Actually I consider to be sensitive the google account linked to my mobile phone :|
also lots of people might have no compatible devices.
Vito
2016-11-12 15:30 GMT+01:00 Amir Ladsgroup ladsgroup@gmail.com:
There is no need to store phone number at all. You need to install an app called "Google Authenticator" or similar ones. Then you scan a QR code from a special page in Wikipedia. Then every time you want to login, you need to give username, password and a short-lived token the app gives you. See this for more details: https://lists.wikimedia.org/pipermail/labs-announce/2016-March/000104.html
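Amir's description above (scan a QR code once, then type a short-lived token alongside the password) is the TOTP scheme of RFC 6238, and it is the reason no phone number is involved: the only 2FA state the server keeps is a random per-account secret. The following Python is an added example written for this thread, not code from the WMF or from any authenticator app; the demo secret is the RFC 6238 test vector, constructed here so the codes can be cross-checked, and the account and issuer names are placeholders.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time
from urllib.parse import quote

TIME_STEP = 30   # seconds per TOTP step, the default period an authenticator app assumes
DIGITS = 6       # length of the short-lived token the app displays

# Constructed demo secret: the 20-byte RFC 6238 test vector, so the codes
# produced below can be checked against the RFC's published table.
DEMO_SECRET = b"12345678901234567890"


def new_secret(length: int = 20) -> bytes:
    """Generate the per-account shared secret at enrolment.

    This random value is all the server stores for 2FA on the account;
    it replaces a phone number rather than supplementing one.
    """
    return secrets.token_bytes(length)


def provisioning_uri(secret: bytes, account: str, issuer: str) -> str:
    """Build the otpauth:// URI that the enrolment QR code encodes.

    Scanning it is the one-time step in the flow described upthread; the app
    keeps the base32 secret locally and never talks to the issuer afterwards.
    """
    b32 = base64.b32encode(secret).decode("ascii").rstrip("=")
    label = quote(f"{issuer}:{account}")
    return (f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"
            f"&algorithm=SHA1&digits={DIGITS}&period={TIME_STEP}")


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(truncated % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, unix_time // TIME_STEP)


def verify_totp(secret: bytes, candidate: str, unix_time: int, window: int = 1) -> bool:
    """Server-side check of the token typed at login.

    Accepts the code for the current step and `window` steps either side to
    tolerate clock drift between phone and server. A production server must
    additionally remember the last accepted counter per account and refuse a
    lower or equal one, so a code captured in transit cannot be replayed
    within the window; that bookkeeping is left out here for brevity.
    """
    if len(candidate) != DIGITS or not candidate.isdigit():
        return False
    counter = unix_time // TIME_STEP
    accepted = False
    for delta in range(-window, window + 1):
        # Constant-time compare, and no early return, so timing reveals nothing.
        if hmac.compare_digest(hotp(secret, counter + delta), candidate):
            accepted = True
    return accepted


if __name__ == "__main__":
    secret = new_secret()
    # What the enrolment QR code carries (placeholder account and issuer names).
    print(provisioning_uri(secret, "ExampleAdmin", "ExampleWiki"))
    now = int(time.time())
    code = totp(secret, now)            # what the app would show right now
    print(code, verify_totp(secret, code, now))
```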
At a glance I don't see any way to avoid storing numbers somewhere. Other solutions would be physically sent cards/tokens (more secure, less cheap, more privacy concerns) or "display once and print" cards with randomly generated numbers to use as 2nd factor (less secure, *so* cheap, no privacy concerns).
Anyway we should provide a set of 2FA methods: 2FA with mobile numbers is great for people who are not privacy-paranoid (like me).
Vito
2016-11-12 15:08 GMT+01:00 Fæ faewik@gmail.com:
Good point Vito,
I agree that mobile numbers are personal information. However, my understanding of the two-factor process would be that it can set up so that mobile numbers are *guaranteed* to never be logged or archived and only stored in a constrained way for a verification number to be issued. There are various ways of getting two-factor processes to work, so methods that do not rely on mobile numbers may suit volunteers that are worried about sending their mobile phone number to any server in the USA, where there are always questions about secret access and storage for government agencies.
We can require that guarantees are given and transparently assured for how any personal information like this is handled by WMF implemented software. It could even be an area that requires legally meaningful assurance, or local processing to avoid, say, Europeans sending any personal data to the USA. ;-)
Fae
-- faewik@gmail.com https://commons.wikimedia.org/wiki/User:Fae
+1 to what Craig wrote: two-factor authentication, with a key stored in an authenticator application (which eliminates the problem of revealing the phone number), would definitely be a great thing - and we could make it opt-in, except for higher level functionaries.
best,
dariusz
On Sat, Nov 12, 2016 at 7:27 AM, Craig Franklin cfranklin@halonetwork.net wrote:
I know it's been said many times, but two-factor authentication, mandatory for accounts with advanced privileges and optionally available for everyone else, would seem to be a logical step. It's not foolproof, but it would go a long way to making us less of a soft target.
Cheers, Craig
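The authenticator-app variant Dariusz and Craig prefer is, in practice, TOTP (RFC 6238): a secret is shared once at enrolment and both sides derive short-lived codes from it, so no phone number is involved. The following is an added illustration, not code from MediaWiki or from anyone in this thread; the key, time values and helper names are constructed for the example.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

STEP = 30    # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length most authenticator apps use


def hotp(key: bytes, counter: int) -> str:
    """HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


def totp(key: bytes, at: int) -> str:
    """TOTP (RFC 6238): HOTP with the counter derived from Unix time."""
    return hotp(key, at // STEP)


def verify_totp(key: bytes, code: str, at: int, skew: int = 1) -> bool:
    """Server-side check: accept the current step and +/- `skew` steps for
    clock drift; constant-time compare so timing does not leak matched digits."""
    counter = at // STEP
    return any(hmac.compare_digest(hotp(key, counter + d), code)
               for d in range(-skew, skew + 1))


def new_secret() -> str:
    """Fresh 160-bit secret, Base32-encoded as enrolment QR codes carry it.
    It is shared once at enrolment and never sent again, unlike an SMS code."""
    return base64.b32encode(secrets.token_bytes(20)).decode()


if __name__ == "__main__":
    secret = new_secret()          # constructed at run time for the demo
    key = base64.b32decode(secret)
    now = int(time.time())
    code = totp(key, now)
    print("enrol secret:", secret, "current code:", code,
          "accepted:", verify_totp(key, code, now))
```

A real deployment additionally remembers the last time step it accepted for each user and refuses a second use of the same code, as RFC 6238 recommends.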
Fæ wrote:
Do any of the volunteers contributing to this list have ideas for changes that may make a significant difference to security?
When you log in, you're given a user session. This session, along with local Web browser HTTP cookies, allows you to stay logged in and authenticated as you browse and edit a wiki. We've previously discussed the ability for a user to see all of his or her account's active sessions, similar to what other sites (GitHub, Facebook, Google) already allow.
This type of interface lets a user see his or her own active sessions, originating IP addresses and User-Agent strings, and sometimes the interface allows destroying all or some sessions (e.g., if you see a session from the time you logged in to a friend's computer). This type of interface can also be used, for better or worse, to track typical behavior of the user, so that if a user often logs in from a specific IP address range (e.g., their home computer in the UK), a user session that comes from a vastly different IP address range (e.g., a mobile device in Australia) can be flagged and reported to the user. Or, in the case of two-factor authentication, a "suspicious" login attempt can be required to go through additional verification. These types of systems are common for Gmail accounts and some credit card accounts.
Regarding a user seeing a list of his or her own active sessions and corresponding information, there was, and there likely still is, considerable opposition to this idea. It's akin to a "self-CheckUser" feature (which I think we should separately support) and there were concerns that we would help vandals, sockpuppets, and other bad users.
Some links:
- https://www.mediawiki.org/wiki/?curid=117743
- https://www.mediawiki.org/wiki/?curid=156161
- https://phabricator.wikimedia.org/T387
- https://phabricator.wikimedia.org/T29242
MZMcBride
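As an added sketch of the session interface MZMcBride describes (not MediaWiki's own session code): an account's active sessions can be listed with IP and User-Agent, destroyed singly or all at once, and a new login from an IP range the account has never been confirmed on is flagged for reporting or step-up verification. The class, method names and the TEST-NET addresses used below are constructed for this example.

```python
import ipaddress


class SessionRegistry:
    """Active sessions of one account: list them, destroy some or all, and
    flag a login from a network the account has not been seen on before.
    Hypothetical design sketch, not MediaWiki's own session code."""

    def __init__(self):
        self.sessions = {}           # session_id -> (ip, user_agent, created)
        self.known_networks = set()  # ranges of logins the user has confirmed

    @staticmethod
    def network_of(ip):
        # Compare coarse ranges, not single addresses: /24 for IPv4, /48 for IPv6.
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 48
        return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

    def login(self, session_id, ip, user_agent, now):
        """Register a session. Returns True when the login comes from an
        unfamiliar range and should be reported or step-up verified."""
        net = self.network_of(ip)
        unusual = bool(self.known_networks) and net not in self.known_networks
        self.sessions[session_id] = (ip, user_agent, now)
        if not unusual:
            self.known_networks.add(net)  # a flagged range is NOT learned yet
        return unusual

    def confirm(self, session_id):
        """User says 'that was me': only then does the range become familiar."""
        if session_id not in self.sessions:
            return False
        self.known_networks.add(self.network_of(self.sessions[session_id][0]))
        return True

    def list_sessions(self):
        """Rows for a self-service page: (id, ip, user agent, created)."""
        return sorted(((sid, ip, ua, t) for sid, (ip, ua, t) in self.sessions.items()),
                      key=lambda row: row[3])

    def revoke(self, session_id):
        """Destroy one session, e.g. the one left on a friend's computer."""
        return self.sessions.pop(session_id, None) is not None

    def revoke_all_except(self, keep_id):
        """'Log out everywhere else': destroy every session but the current one."""
        dropped = [sid for sid in self.sessions if sid != keep_id]
        for sid in dropped:
            del self.sessions[sid]
        return len(dropped)
```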
Task https://phabricator.wikimedia.org/T150605
I have raised the above task for the WMF to publish an appropriate summary of the behind the scenes analysis of the recent hack of accounts and the claimed copying of the English Wikipedia database (presumably user account tables). The request summary is pasted below for those that don't want to read the detail, though I recommend that technically minded volunteers subscribe to it on Phabricator --
"This is a request for a report of the analysis of the OurMine hack to be published. It is understood that a non-public investigation is necessary, but it also makes sense to be transparent about events and as quickly as possible. This will provide an 'official' public assurance of the steps being taken by the WMF to make the systems more secure. Volunteers have rapidly responded by promoting two-factor authentication, as well as working collegiately on guidance for volunteers. A report of the behind the scenes analysis would aid these efforts and ensure that if wider changes of passwords or the roll-out of 2FA to non-sysop accounts makes sense, that these can be discussed within the community in a positive way. It is likely that volunteer discussions will continue and this will be reported in the Signpost next week, so timing a report in the next few days would be helpful in ensuring factual reporting."
Thanks, Fae