Le Sat, 24 Aug 2013 19:05:38 +0200, Tyler Romeo tylerromeo@gmail.com a écrit:
On Sat, Aug 24, 2013 at 12:50 PM, Seb35 seb35wikipedia@gmail.com wrote:
An other solution is the use of one-time passwords [1] for high-security or https-unfriendly users (e.g. logging in) or actions (e.g. checkuser action). Such one-time passwords can be generated entirely on the client side (e.g. a program) or on an external device (e.g. SecurID [2]). This transfers the problem "unsecure password" to a problem "protection of the password generator" (e.g. with an offline password) and introduces the key distribution problem (e.g. the physical device).
Would something like Extension:OATHAuth fit this purpose?
Oh yes, this type of extension would be great for checkusers/oversights; probably the documentation should be improved if deployed on the Wikimedia wikis -- I didn’t know myself how this was functionning exactly when I played with it.
Thanks, ~ Seb35