Help talk:Two-factor authentication/Archives/2017

Hi. I have enabled 2FA, and I've saved my one-time-use scratch codes in what I believe is a secure manner.

I also have a "committed identity", which I set up on enwiki some time ago.

If (theoretically) I were to lose my 2FA device and also lose my scratch codes, would anyone at all be able/willing to restore access to my account based on my "committed identity" info on enwiki? Or is this simply not possible, and I might as well just discard my (now-obsolete) committed identity info?

This is just a hypothetical question (and hopefully will remain so), but I believe it's worth asking. Thanks. — Richwales (no relation to Jimbo) 20:48, 1 February 2017 (UTC)

Is 2FA going to be available for all users at some point in the future? Do you already have an ETA? I would prefer to use 2FA for good reasons right now, but I do not have sysop rights in any project to activate it for my SUL account. —MisterSynergy (talk) 19:58, 14 April 2017 (UTC)

I second this. There's no reason why 2FA should be limited to any group. Just because I'm a sysop on EnWP doesn't mean that other users are undeserving of the security I'm afforded. — Scott • talk 12:22, 25 August 2017 (UTC)

I still support the idea to make this available to all users, but I meanwhile learnt why they probably won’t do this soon (or at all). They told me in IRC that too many users mess up their accounts with 2FA, and Wikimedia does not have capacities for a user support department to deal with such cases, unlike many large (commercial) web services. —MisterSynergy (talk) 14:11, 25 August 2017 (UTC)

Currently, 2FA allows multiple devices to be used, but all of them need to be set up in one go. This is because the software does not allow the set-up page to be seen again without disabling 2FA first.

I've opened phab:T172079 to discuss this. I believe that, when a user who is currently using 2FA visit Special:OATH, there should be the option to go to the 2FA setup page with existing secret keys and scratch codes unchanged. That will allow multiple devices to be used in 2FA and solve the common reason many users with advanced permissions don't take up 2FA - that their phone becomes a vulnerability because phones are more likely to break than passwords are likely to be leaked. Deryck C. 22:15, 30 July 2017 (UTC)

What I did was to print the QR code the wiki provided me, scanned it in a second device, verified that both codes are the same and work; then store the printed codes, etc; in a safe. —MarcoAurelio (talk) 20:57, 31 July 2017 (UTC)

Google Authenticator doesn't seem good at allowing device changes. Is anyone able to simply explain how to switch over from one to another? Timrollpickering (talk) 10:26, 5 September 2017 (UTC)

Disabling 2FA with the old one, and then re-enabling 2FA with the new one would be the simplest approach. —TheDJ (talk • contribs) 13:42, 5 September 2017 (UTC)

My phone was reset and I lost everything, so my browser's cache is what I have left to access my account. Is there any way to rescue it?--Lê (talk) 05:44, 17 September 2017 (UTC)

Lê You should contact ca wikimedia org -or- create a private Phabricator ticket to have the OATHAuth thing removed. It is highly adviceable that you keep the scratch codes in a safe place next time. —MarcoAurelio (talk) 11:34, 17 September 2017 (UTC)

We are seeing many requests recently about people that have lost everything. It'd be good to have a section telling them what to do (emailing ca wikimedia org or creating a private Phabricator ticket). Some information can be found at wikitech:Password_reset#Reset_two_factor_authentication. —MarcoAurelio (talk) 11:37, 17 September 2017 (UTC)