After reading this [1] I am wondering if Wikimedia should start taking steps to reduce reliance on usernames and passwords. This issue is relevant to WMF and thematic organization staff email accounts, on-wiki accounts especially those with CU/OS and Arbcom roles, and other sensitive Wikimedia credentials. This issue is also relevant to staff and volunteer accounts with third party services like Google Docs, Gmail, Skype, etc. that are used to conduct Wikimedia related activities.
Pine
[1] http://mobile.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-m...
On Tue, 2014-08-05 at 22:05 -0700, Pine W wrote:
After reading this [1] I am wondering if Wikimedia should start taking steps to reduce reliance on usernames and passwords.
What "steps" do you refer to, or is this intentionally vague? Disallowing usernames and logins? Two-step authentication/verification? Something else?
andre
On Wed, 6 Aug 2014, at 21:49, Andre Klapper wrote:
On Tue, 2014-08-05 at 22:05 -0700, Pine W wrote:
After reading this [1] I am wondering if Wikimedia should start taking steps to reduce reliance on usernames and passwords.
What "steps" do you refer to, or is this intentionally vague? Disallowing usernames and logins? Two-step authentication/verification? Something else?
andre
from what i could read and parse: use less of external things like skype and google accounts so that there is only 1 username for everything
In terms of external authentication, we need Extension:OpenID to catch up to the OpenID standard in order to do that.
In terms of two-factor, I have like eight patches for Extension:OATHAuth attempting to make it production-worthy.
https://gerrit.wikimedia.org/r/132783
-- Tyler Romeo 0x405D34A7C86B42DF
From: svetlana <svetlana@fastmail.com.au>
Reply: Wikimedia developers <wikitech-l@lists.wikimedia.org>
Date: August 6, 2014 at 7:57:12
To: wikitech-l@lists.wikimedia.org <wikitech-l@lists.wikimedia.org>
Subject: Re: [Wikitech-l] News about stolen Internet credentials; reducing Wikimedia reliance on usernames and passwords
On Wed, 6 Aug 2014, at 21:49, Andre Klapper wrote:
On Tue, 2014-08-05 at 22:05 -0700, Pine W wrote:
After reading this [1] I am wondering if Wikimedia should start taking steps to reduce reliance on usernames and passwords.
What "steps" do you refer to, or is this intentionally vague? Disallowing usernames and logins? Two-step authentication/verification? Something else?
andre
from what i could read and parse: use less of external things like skype and google accounts so that there is only 1 username for everything
_______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
On Wed, Aug 6, 2014 at 8:26 AM, Tyler Romeo tylerromeo@gmail.com wrote:
In terms of external authentication, we need Extension:OpenID to catch up to the OpenID standard in order to do that.
In terms of two-factor, I have like eight patches for Extension:OATHAuth attempting to make it production-worthy.
Nice! I hadn't realized you had got so far on this. Maybe Ryan and I can get those merged in...
To address Risker's comment, OATH is an open standard with lots of tools to generate the tokens, so you can use a secure token if you want to be more secure, or a browser plugin if you're just worried about someone stealing your password (which would significantly help our threat model in countries where we can't force https).
Client TLS certificates are sadly really hard to manage in any sort of secure way, when you don't control the end user's machines.
Thanks for the good news about OATH.
Are WMF staff required to use some form of authentication in addition to a password for their email and other sensitive accounts? Now might be a good time to look at the security of staff account access. I would think about requiring Google's standard two factor authentication via password and cell phone.
Of course mobile phone security should also be considered. Encrypting all mobile phones (and other mobile devices like tablets and laptops) used for Foundation business would be good as well.
Pine
On Aug 7, 2014 2:04 PM, "Chris Steipp" csteipp@wikimedia.org wrote:
On Wed, Aug 6, 2014 at 8:26 AM, Tyler Romeo tylerromeo@gmail.com wrote:
In terms of external authentication, we need Extension:OpenID to catch up to the OpenID standard in order to do that.
In terms of two-factor, I have like eight patches for Extension:OATHAuth attempting to make it production-worthy.
Nice! I hadn't realized you had got so far on this. Maybe Ryan and I can get those merged in...
To address Risker's comment, OATH is an open standard with lots of tools to generate the tokens, so you can use a secure token if you want to be more secure, or a browser plugin if you're just worried about someone stealing your password (which would significantly help our threat model in countries where we can't force https).
Client TLS certificates are sadly really hard to manage in any sort of secure way, when you don't control the end user's machines.
On Aug 6, 2014 8:57 AM, "svetlana" svetlana@fastmail.com.au wrote:
On Wed, 6 Aug 2014, at 21:49, Andre Klapper wrote:
On Tue, 2014-08-05 at 22:05 -0700, Pine W wrote:
After reading this [1] I am wondering if Wikimedia should start taking steps to reduce reliance on usernames and passwords.
What "steps" do you refer to, or is this intentionally vague? Disallowing usernames and logins? Two-step authentication/verification? Something else?
andre
from what i could read and parse: use less of external things like skype and google accounts so that there is only 1 username for everything
The solution to stolen credentials is to combine all credentials so that a single credential can control everything?
--bawolff
I think we should start looking at alternative authentication systems especially for high risk accounts. There are several variations on the theme of one-time passwords that I think could be explored.
Pine
On Aug 6, 2014 11:05 PM, "Brian Wolff" bawolff@gmail.com wrote:
The solution to stolen credentials is to combine all credentials so that a single credential can control everything?
--bawolff
As someone with one of those "high risk" accounts, one time passwords would be more likely to make me drop those permissions. Any administrator has a "high risk" account given the opportunities that they have.
Risker/Anne
On 7 August 2014 07:59, Pine W wiki.pine@gmail.com wrote:
I think we should start looking at alternative authentication systems especially for high risk accounts. There are several variations on the theme of one-time passwords that I think could be explored.
Pine
On Aug 6, 2014 11:05 PM, "Brian Wolff" bawolff@gmail.com wrote:
The solution to stolen credentials is to combine all credentials so that a single credential can control everything?
--bawolff
On Thu, Aug 7, 2014 at 9:49 AM, Risker risker.wp@gmail.com wrote:
As someone with one of those "high risk" accounts, one time passwords would be more likely to make me drop those permissions. Any administrator has a "high risk" account given the opportunities that they have.
Risker/Anne
+1.
I'm lazy and wouldn't want the burden of remembering more than "password123" as my password (same password I use everywhere, again, I'm lazy)
-Chad
On 7 August 2014 10:49, Chad innocentkiller@gmail.com wrote:
On Thu, Aug 7, 2014 at 9:49 AM, Risker risker.wp@gmail.com wrote:
As someone with one of those "high risk" accounts, one time passwords would be more likely to make me drop those permissions. Any administrator has a "high risk" account given the opportunities that they have.
Risker/Anne
+1.
I'm lazy and wouldn't want the burden of remembering more than "password123" as my password (same password I use everywhere, again, I'm lazy)
Oh I have no problem with regular forced password changes, say quarterly or so; I'm used to that in other contexts. But not a one-time password, which will actually increase risk because people will choose "keep me logged in" to avoid having to get a new password every time they want to log in.
These tend also to be solutions coming from moneyed countries, and some of these things involve technology that is not globally available.
Risker/Anne
Oh I have no problem with regular forced password changes, say quarterly or so; I'm used to that in other contexts. But not a one-time password, which will actually increase risk because people will choose "keep me logged in" to avoid having to get a new password every time they want to log in.
I believe there's some research to suggest that quarterly password changes decrease overall security. I personally would not like having to do that.
These tend also to be solutions coming from moneyed countries, and some of these things involve technology that is not globally available.
I'm not sure what you mean by that.
--bawolff
On 7 August 2014 12:04, Brian Wolff bawolff@gmail.com wrote:
Oh I have no problem with regular forced password changes, say quarterly or so; I'm used to that in other contexts. But not a one-time password, which will actually increase risk because people will choose "keep me logged in" to avoid having to get a new password every time they want to log in.
I believe there's some research to suggest that quarterly password changes decrease overall security. I personally would not like having to do that.
These tend also to be solutions coming from moneyed countries, and some of these things involve technology that is not globally available.
I'm not sure what you mean by that.
A lot of the "solutions" normally bandied about involve things like two-factor identification, which has the "additional" password coming through a separate route (e.g., gmail two-factor ID sends a second password as a text to a mobile, and means having more expensive technology) or using technology like dongles that cannot be sent to users in certain countries.
I stick to my strong passwords and also subscribe to the xkcd password theory.[1]
Risker/Anne
On Thu, Aug 7, 2014 at 8:10 AM, Risker risker.wp@gmail.com wrote:
A lot of the "solutions" normally bandied about involve things like two-factor identification, which has the "additional" password coming through a separate route (e.g., gmail two-factor ID sends a second password as a text to a mobile) and means having more expensive technology) or using technology like dongles that cannot be sent to users in certain countries.
Actually, most modern internet implementations use the TOTP algorithm open standard that anyone can use for free. https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm One of the most common methods, other than through text messages, is the Google Authenticator App that anyone can download for free on a smart phone. https://en.wikipedia.org/wiki/Google_Authenticator.
I'm not sure we can make any of these extra protections *required* without a lot of discussion, but giving people the option will certainly help. Wikimedians are usually a pretty geeky and paranoid bunch, so I think a good amount of people would take advantage of additional security features. This is especially true given how many people use https://en.wikipedia.org/wiki/Template:User_committed_identity on enwiki, something I've never really understood the point of. :-)
On Thu, Aug 7, 2014 at 6:58 AM, Casey Brown lists@caseybrown.org wrote:
On Thu, Aug 7, 2014 at 8:10 AM, Risker risker.wp@gmail.com wrote:
A lot of the "solutions" normally bandied about involve things like two-factor identification, which has the "additional" password coming through a separate route (e.g., gmail two-factor ID sends a second password as a text to a mobile) and means having more expensive technology) or using technology like dongles that cannot be sent to users in certain countries.
Actually, most modern internet implementations use the TOTP algorithm open standard that anyone can use for free. https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm One of the most common methods, other than through text messages, is the Google Authenticator App that anyone can download for free on a smart phone. https://en.wikipedia.org/wiki/Google_Authenticator.
Yep. This. It's already being used for high-risk accounts on wikitech.wikimedia.org. It's not in good enough shape to be used anywhere else, since if you lose your device you'd lose your account. Supporting two factor auth also requires supporting multiple ways to rescue your account if you lose your device (and don't write down your scratch tokens, which is common). Getting this flow to work in a way that actually adds any security benefit is difficult. See the amount of effort Google has gone through for this.
Let's be a little real here, though. There's honestly no good reason to target these accounts. There's basically no major damage they can do and there's very little private information accessible to them, so attackers don't really care enough to attack them.
We should take basic account security seriously, but we shouldn't go overboard.
- Ryan
There are "good" reasons people would target checkuser accounts, WMF staff email accounts, and other accounts that have access to lots of private info like functionary email accounts and accounts with access to restricted IRC channels.
Pine
On Thu, Aug 7, 2014 at 11:21 AM, Ryan Lane rlane32@gmail.com wrote:
Yep. This. It's already being used for high-risk accounts on wikitech.wikimedia.org. It's not in good enough shape to be used anywhere else, since if you lose your device you'd lose your account. Supporting two factor auth also requires supporting multiple ways to rescue your account if you lose your device (and don't write down your scratch tokens, which is common). Getting this flow to work in a way that actually adds any security benefit is difficult. See the amount of effort Google has gone through for this.
Let's be a little real here, though. There's honestly no good reason to target these accounts. There's basically no major damage they can do and there's very little private information accessible to them, so attackers don't really care enough to attack them.
We should take basic account security seriously, but we shouldn't go overboard.
- Ryan
On Thu, Aug 7, 2014 at 11:27 AM, Pine W wiki.pine@gmail.com wrote:
There are "good" reasons people would target checkuser accounts, WMF staff email accounts, and other accounts that have access to lots of private info like functionary email accounts and accounts with access to restricted IRC channels.
WMF uses gmail; they should force-require the use of two factor authentication for their employees if they care about that. Restricted IRC channels also don't have anything to do with Wikimedia wiki account security (and IRC security is a joke anyway, so if we're really relying on that to be secure, shame on us).
- Ryan
There are sensitive communications over IRC such as harassment investigations, although hopefully not to the degree that sensitive info goes over email. I use what is advertised as a secure method of accessing IRC, but that is still probably much weaker than end-to-end email encryption. We could look into a more secure messaging system, but my top concern is the security of staff email, Google Docs, staff accounts with access to un-sanitized analytics data. I would start there, followed by Arbcom/CU/OS wiki and email accounts, and probably IRC last.
Pine
On Thu, Aug 7, 2014 at 11:34 AM, Ryan Lane rlane32@gmail.com wrote:
WMF uses gmail; they should force-require the use of two factor authentication for their employees if they care about that. Restricted IRC channels also don't have anything to do with Wikimedia wiki account security (and IRC security is a joke anyway, so if we're really relying on that to be secure, shame on us).
- Ryan
My staff email is boring. You're more than welcome to break in.
-Chad
On Aug 7, 2014 7:27 PM, "Pine W" wiki.pine@gmail.com wrote:
There are "good" reasons people would target checkuser accounts, WMF staff email accounts, and other accounts that have access to lots of private info like functionary email accounts and accounts with access to restricted IRC channels.
Pine
On 08/07/2014 09:58 AM, Casey Brown wrote:
One of the most common methods, other than through text messages, is the Google Authenticator App that anyone can download for free on a smart phone. https://en.wikipedia.org/wiki/Google_Authenticator.
There are also open source versions of this (including one on F-Droid).
Both text messaging and Android are pretty widely deployed, including in non-western countries. In a lot of places, mobile is more widely deployed than desktop, so I think there are a lot of people who could take advantage of two-factor authentication.
It helps that the app versions (e.g. Google Authenticator) do not even require Internet access.
Matt
Hm... and I am a lazy hacker, so now when you told us your password, could you please give me your username as well so that I don't have to search it? Thanks! :P
On Thu, Aug 7, 2014 at 11:49 AM, Chad innocentkiller@gmail.com wrote:
I'm lazy and wouldn't want the burden of remembering more than "password123" as my password (same password I use everywhere, again, I'm lazy)
-Chad
nevermind, I just figured out that I can edit almost anything on wikipedia even without password... what a hacker am I!
BTW: those with high-risk accounts should use strong passwords, which could be very safe at some point. I once suggested some security enhancements that wouldn't impact users at all, but they weren't supported much with reason that sounded to me like "nobody cares about security on projects like wikipedia"
On Thu, Aug 7, 2014 at 12:59 PM, Petr Bena benapetr@gmail.com wrote:
Hm... and I am a lazy hacker, so now when you told us your password, could you please give me your username as well so that I don't have to search it? Thanks! :P
I think a two-way authentication is the first good step to increase the security for account authentication, like wikitech still uses it. But it's still a user decision to activate it or not?
Kind regards, Florian
-----Original Message----- From: wikitech-l-bounces@lists.wikimedia.org [mailto:wikitech-l-bounces@lists.wikimedia.org] On behalf of Risker Sent: Thursday, 7 August 2014 10:50 To: Wikimedia developers Subject: Re: [Wikitech-l] News about stolen Internet credentials; reducing Wikimedia reliance on usernames and passwords
As someone with one of those "high risk" accounts, one time passwords would be more likely to make me drop those permissions. Any administrator has a "high risk" account given the opportunities that they have.
Risker/Anne
Do you have anything specific in mind? Hard to say how feasible something is/evaluate without being more specific.
Most non-password alternatives that I can think of (e.g. Having public private key pairs or something) have the problem that they can't really be integrated well enough into a web browser based environment that folks other than the most technical of users find them an acceptable burden.
--bawolff
On 8/7/14, Pine W wiki.pine@gmail.com wrote:
I think we should start looking at alternative authentication systems especially for high risk accounts. There are several variations on the theme of one-time passwords that I think could be explored.
On Thursday, August 7, 2014, Brian Wolff bawolff@gmail.com wrote:
Do you have anything specific in mind? Hard to say how feasible something is/evaluate without being more specific.
Most non-password alternatives that I can think of (e.g. Having public private key pairs or something) have the problem that they can't really be integrated well enough into a web browser based environment that folks other than the most technical of users find them an acceptable burden.
--bawolff
I've long wondered about that. Are there really no browser based public key based solutions? Are there any fundamental reasons why that is like that other than that it never got implemented, or never became popular?
It seems like the "right" solution for the password problem.
-Martijn
On Thu, 7 Aug 2014, at 19:50, Martijn Hoekstra wrote:
On Thursday, August 7, 2014, Brian Wolff bawolff@gmail.com wrote:
Do you have anything specific in mind? Hard to say how feasible something is/evaluate without being more specific.
Most non-password alternatives that I can think of (e.g. Having public private key pairs or something) have the problem that they can't really be integrated well enough into a web browser based environment that folks other than the most technical of users find them an acceptable burden.
--bawolff
I've long wondered about that. Are there really no browser based public key based solutions? [...] -Martijn
certfp authentication ? ex. https://freenode.net/certfp/certfp-chatzilla.shtml
svetlana
I've long wondered about that. Are there really no browser based public key based solutions? Are there any fundamental reasons why that is like that other than that it never got implemented, or never became popular?
It seems like the "right" solution for the password problem.
-Martijn
I think TLS has a feature where the client can also provide a certificate, in order to use certificates to authenticate users. I've never heard of a site actually using it.
--bawolff
On Aug 7, 2014, at 6:01, "Brian Wolff" bawolff@gmail.com wrote:
I've long wondered about that. Are there really no browser based public key based solutions? Are there any fundamental reasons why that is like that other than that it never got implemented, or never became popular?
It seems like the "right" solution for the password problem.
-Martijn
I think TLS has a feature where the client can also provide a certificate, in order to use certificates to authenticate users. I've never heard of a site actually using it.
I'd have to research the particulars, but I've seen many government/corporate sites use TLS for user authentication with the Apache HTTP Server or JBoss. I know we bounced the client certs off of CAs and CRLs on the server for authentication, but don't remember how we shared the distinguished name (DN) with the higher level program (e.g. PHP) for authorization. I'll see what I can find.
--Shawn
On Thu, Aug 7, 2014 at 6:01 AM, Brian Wolff bawolff@gmail.com wrote:
I think TLS has a feature where the client can also provide a certificate, in order to use certificates to authenticate users. I've never heard of a site actually using it.
Indeed.
https://www.mediawiki.org/wiki/Extension:SSLClientAuthentication
-- Tyler Romeo, Stevens Institute of Technology, Class of 2016, Major in Computer Science
On 08/07/2014 05:27 AM, Brian Wolff wrote:
Most non-password alternatives that I can think of (e.g. Having public private key pairs or something) have the problem that they can't really be integrated well enough into a web browser based environment that folks other than the most technical of users find them an acceptable burden.
At least part of the problem is that this requires that private key to be distributed on every device from which access will be sought. This means that while it may be reasonable to use that at one's "base of operations" it would cripple access from mobile devices / one's friend's house / the library.
What mediawiki needs is a "safe mode" - allowing a user to log in with no magical bits. Only with the presence of that mode does it become reasonable to require secondary mechanism to authenticate "more" for access to advanced permissions.
-- Marc