Do those of us using Phabricator 2FA need to take any action?
On Fri, Jan 17, 2020 at 7:38 AM Greg Grossmeier greg@wikimedia.org wrote:
Keeping this thread on-list to help others who might be unsure.
Hello Pine,
On Thu, Jan 16, 2020 at 4:23 PM Pine W wiki.pine@gmail.com wrote:
The way that I log into Phab is by using https://phabricator.wikimedia.org/auth/start/?next=%2F, and then logging into MediaWiki and authorizing Phab to access my credentials. The
MediaWiki
login including the 2FA is the same that I use for many other Wikimedia sites.
Correct, you are logging into your MediaWiki account with your 2FA token, then you are logging into Phabricator via OAuth.
None of those logins nor 2FA tokens were affected by this.
So, although this 2FA allows logins to Phabricator, it sounds like there
is
a separate 2FA for some people for Phabricator access, perhaps for people with LDAP logins, and that is the 2FA that is affected. Is this correct?
Correct. Phabricator has its own 2FA system for people to use.
You can see if you use it via your Account Settings, then clicking on "Multi-Factor Auth". That is the 2FA that is affected in this incident.
Best,
Greg
-- | Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E | | Dir. Engineering Productivity A18D 1138 8E47 FAC8 1C7D | _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l