Two factor auth reset needed on wikitech

List overview All Threads
Download

newer

older

Labs migration starts on Tuesday

Roadmap and Deployment highlight -...

Matthew Walker

28 Feb 2014 28 Feb '14

4:15 p.m.

Wikitech admin peoples! I was doing bad things to my phone last night (reflashing it) and I lost the 2 factor auth metadata for my authentication app. Because of this I can no longer log in to wikitech. I wasn't able to find any documentation on wikitech about how to reset it -- so I need your help to do that I think? I still know my password; so I'm not looking to reset that -- maybe just temporarily disable two factor auth on my account (Mwalker) and I'll re-enroll myself? ~Matt Walker Wikimedia Foundation Fundraising Technology Team

Show replies by thread

Jeremy Baron

28 Feb 28 Feb

4:23 p.m.

On Fri, Feb 28, 2014 at 9:15 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote:

...

I wasn't able to find any documentation on wikitech about how to reset it -- so I need your help to do that I think? I still know my password; so I'm not looking to reset that -- maybe just temporarily disable two factor auth on my account (Mwalker) and I'll re-enroll myself?

I don't know that much about the process but I believe step one is to find the slips of paper that you wrote down the codes that you're supposed to use in this very situation. -Jeremy

Matthew Walker

4:32 p.m.

Don't have them :p ~Matt Walker Wikimedia Foundation Fundraising Technology Team On Fri, Feb 28, 2014 at 1:23 PM, Jeremy Baron <jeremy(a)tuxmachine.com> wrote:

...

On Fri, Feb 28, 2014 at 9:15 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote:

I wasn't able to find any documentation on wikitech about how to reset it -- so I need your help to do that I think? I still know my password; so

I'm

not looking to reset that -- maybe just temporarily disable two factor

auth

on my account (Mwalker) and I'll re-enroll myself?

I don't know that much about the process but I believe step one is to find the slips of paper that you wrote down the codes that you're supposed to use in this very situation. -Jeremy _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Chris Steipp

4:51 p.m.

Correct, the scratch codes are the only way to login. If you don't have this, you'll have to get someone to remove your preference in the db. On Feb 28, 2014 1:32 PM, "Matthew Walker" <mwalker(a)wikimedia.org> wrote:

...

Don't have them :p ~Matt Walker Wikimedia Foundation Fundraising Technology Team On Fri, Feb 28, 2014 at 1:23 PM, Jeremy Baron <jeremy(a)tuxmachine.com> wrote:

On Fri, Feb 28, 2014 at 9:15 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote: > I wasn't able to find any documentation on wikitech about how to reset

-- so I need your help to do that I think? I still know my password; so

I'm

not looking to reset that -- maybe just temporarily disable two factor

auth

on my account (Mwalker) and I'll re-enroll myself?

_______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Matthew Walker

5:23 p.m.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please reset my 2 factor auto preference in the wikitech database. My GPG key is available from the MIT keyserver [0]. Establishment of ownership of the Mwalker LDAP account by this email can occur via gerrit [1], or the edit history of my user page on [2]. (Incidently; I should probably get more signatures on my key... anyone in the office want to sign it?) Thanks, Matt Walker [0] D731C1C0 -- available from http://pgp.mit.edu/pks/lookup?search=mwalker%40wikimedia.org&op=indexi [1] https://gerrit.wikimedia.org/r/#/admin/groups/28,members [2] https://wikitech.wikimedia.org/wiki/User:Mwalker

...PGP SIGNATURE...

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQIcBAEBAgAGBQJTEQxXAAoJEM++CSTXMcHA2oAP/2J+O/MiF1TiF0QYGiGxyeUr i7JIEvlU29GxaLiSg6BSsnlXOyZbXUcqWMY2tVKoqWM+YCy9QacboPOsrNHZ0tEo QyVbCohrlk5RCeG24APx7rqh40RUAjzbkE2OQvVK5mqLEdK7cmA09q6hUYPnj1wT ghIPI7FU9AHkfkRQiizVsOOVq4A8L+lQcspPRgHhATLE/K1mEsqsSBLw9hp2yWwf 5Hh9lO7L4sph7z+gkEJaAFqqnMbSKwsazN4MVjLaandnKDtteLsRZvIgkyjDBJ6s DNc3DVQpMi+xjKnYd5wtfwhsn9BHJdxRpqSnKvo91G9nqvsnQb8UAosTLJvmeDIl 49dEarqQMHmEE/gEwbLj9I6RhDC9y5ScbfuA6CUHEBbIBqaB3nrRdJoZvlDLXlrd 8ulv8v6ym9gRsdM/RA3jQdoj25f5dDS8+e0NNG8d1oyPmR/L7Qb6fZ1RDslBq56F Pjy6bULR51lSzvjQhmi8oH2+FEFXprUiYbs8IgAXZYA96UFJA+r3h9q7vCOXl8HG uqzZdmKfuSP76rHrij3FYr+VDZaDNMdL+gc8Msu8cFZixiBf0LEGYlvNqaWwg6E7 OG02ydwiNwjHrMmeNUrmpmoB/YTR/X02+LzBc1LK33jPEi/9DdDdEJKy6J+HZZdM xmVsW91PrGfxWCXG/qAB =bgH5 -----END PGP SIGNATURE-----

Jeremy Baron

5:43 p.m.

On Fri, Feb 28, 2014 at 10:23 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote:

...

Please reset my 2 factor auto preference in the wikitech database. My GPG key is available from the MIT keyserver [0]. Establishment of ownership of the Mwalker LDAP account by this email can occur via gerrit [1], or the edit history of my user page on [2].

I'm not sure how any of that establishes anything?

...

(Incidently; I should probably get more signatures on my key... anyone in the office want to sign it?)

The simplest option if you're in the office is to just tell an op in person. (who can verify who you are because they know you)

...

[0] D731C1C0 -- available from http://pgp.mit.edu/pks/lookup?search=mwalker%40wikimedia.org&op=indexi

Please don't use short key IDs. Also, any other user could make a key with the same address you used and submit it to the keyserevers and then it would also show up in search results for your address. (plus we shouldn't trust the keyservers themselves so much) More about short key IDs: http://www.asheesh.org/note/debian/short-key-ids-are-bad-news.html

...

[1] https://gerrit.wikimedia.org/r/#/admin/groups/28,members [2] https://wikitech.wikimedia.org/wiki/User:Mwalker

[2] redirects (somehow??) to another domain. Maybe better to link straight to the history page. https://wikitech.wikimedia.org/w/index.php?title=user:mwalker&action=hi… -Jeremy

Matthew Walker

5:58 p.m.

On Fri, Feb 28, 2014 at 2:43 PM, Jeremy Baron <jeremy(a)tuxmachine.com> wrote:

...

On Fri, Feb 28, 2014 at 10:23 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote:

I'm not sure how any of that establishes anything?

I'm attempting to establish, I think the term is, a preponderance of truth from less trusted authorities. Beyond this point though the argument becomes silly; because if I own those accounts (and I do); I can submit, +2 things, deploy to the site (because I'm part of the deployment group), etc.

...

(Incidently; I should probably get more signatures on my key... anyone in the office want to sign it?)

The simplest option if you're in the office is to just tell an op in person. (who can verify who you are because they know you)

I'm assuming that not all ops people know how to do this / or are willing to find out. And not all opsens are located in the office. Additionally, we submit SSH key revocation requests via email -- I'm just doing the same thing in a public list because this a more public resource and I started with the assumption that I didn't need a root to do this.

...

[2] redirects (somehow??) to another domain. Maybe better to link straight to the history page. https://wikitech.wikimedia.org/w/index.php?title=user:mwalker&action=hi…

It's using #REDIRECT; you're correct though in that it should be a soft redirect. I'd change it; but... I can't... :p

MZMcBride

8:54 p.m.

Jeremy Baron wrote:

...

On Fri, Feb 28, 2014 at 10:23 PM, Matthew Walker <mwalker(a)wikimedia.org> wrote:

[2] https://wikitech.wikimedia.org/wiki/User:Mwalker

[2] redirects (somehow??) to another domain.

That page contains "#REDIRECT [[meta:User:Mwalker (WMF)]]". Presumably the wiki at wikitech.wikimedia.org has $wgDisableHardRedirects set to false. https://www.mediawiki.org/wiki/Manual:$wgDisableHardRedirects MZMcBride

3702

days inactive

3703

days old

wikitech-l@lists.wikimedia.org

Manage subscription

7 comments

4 participants

tags (0)

participants (4)

Chris Steipp
Jeremy Baron
Matthew Walker
MZMcBride