Hello,
I would like to do some major changes to two factor auth. I am cross
posting this on phabricator and the mailing list to give it some more
attention and to start some proper discussion before anyone starts
working on this:
Right now there are only two options for two factor authentication:
* Don't use two-factor authentication (insecure)
* Use two factor authentication (annoying as hell)
With two factor authentication it doesn't seem to be possible to make
session persistent and it really is extremely annoying to look for
your mobile phone, open the app and fill in the code everytime you
want to do some simple wiki action. I am very lazy and even found
myself to rather decide not to do a minor change (be it fix of typo
correction etc. in article on English Wikipedia etc) rather than going
through the hassle of using the google authenticator.
I think it would be really cool to have an option (or maybe even more
of them?) that would help to specify when two factor auth is really
desired, so that for example users could decide that for simple
actions like wiki editing normal login would be sufficient, but for
changes like:
* Change of password
* Change of (some) preferences
* Admin actions (block, delete etc.)
P.S. Unfortunately I no longer have so much free time to track every
single thread in this mailing list, so maybe this is a duplicate of
some older idea by someone else, if that's the case, please merge the
phab task with whatever the other identical proposal is.
Thank you