Do those of us using Phabricator 2FA need to take any action?
On Fri, Jan 17, 2020 at 7:38 AM Greg Grossmeier <greg(a)wikimedia.org> wrote:
Keeping this thread on-list to help others who might be unsure.
Hello Pine,
On Thu, Jan 16, 2020 at 4:23 PM Pine W <wiki.pine(a)gmail.com> wrote:
The way that I log into Phab is by using
https://phabricator.wikimedia.org/auth/start/?next=%2F, and then logging
into MediaWiki and authorizing Phab to access my credentials. The
MediaWiki login including the 2FA is the same that I use for many other
Wikimedia sites.
Correct, you are logging into your MediaWiki account with your 2FA token,
then you are logging into Phabricator via OAuth.
None of those logins nor 2FA tokens were affected by this.
So, although this 2FA allows logins to Phabricator, it sounds like there
is a separate 2FA for some people for Phabricator access, perhaps for
people with LDAP logins, and that is the 2FA that is affected. Is this
correct?
Correct. Phabricator has its own 2FA system for people to use.
You can see if you use it via your Account Settings, then clicking on
"Multi-Factor Auth". That is the 2FA that is affected in this incident.
Best,
Greg
--
| Greg Grossmeier GPG: B2FA 27B1 F7EB D327 6B8E |
| Dir. Engineering Productivity A18D 1138 8E47 FAC8 1C7D |