The plan is as follows:
Sometime in the near future, we will be invalidating the sessions of anyone who has an auth factor which was potentially affected. If you were one of the potentially affected users then the next time you log in to Phabricator, you should see a notification directing you to reset your TOTP auth factor. If you don't see any notice like that then you are not among those who were potentially affected.
I will post an update here once that is done, in the meantime you don't need to take any action in particular.
On Fri, Jan 17, 2020 at 11:22 AM RhinosF1 - rhinosf1@gmail.com wrote:
What about those that do?
RhinosF1
On Fri, 17 Jan 2020 at 15:51, David Sharpe dsharpe@wikimedia.org wrote:
There is a team working on the Phabricator 2FA action item right now. More to come soon…
No action is required for people without 2FA configured within
Phabricator.
On Jan 17, 2020, at 10:25 AM, RhinosF1 - rhinosf1@gmail.com wrote:
Can you also confirm we need to take NO action?
RhinosF1
On Fri, 17 Jan 2020 at 11:02, revi lists@revi.email wrote:
Hi,
If it is possible to do so, can you notify to the people whose 2FA
were
reset? I know at least few people who uses 2FA on Phab, and does not
read
emails from wikitech-l and/or wikimedia-l.
Thanks!
나의 iPhone에서 보냄
- 06:26, David Sharpe dsharpe@wikimedia.org 작성:
However, out of an abundance of caution, we are resetting all
Two-Factor
Authentication keys for Phabricator and invalidating the exposed login access tokens.
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l