Talk:Global sysops/2019

Latest comment: 5 years ago by BWolff (WMF) in topic 2FA?

2FA?

On 2018-09-12 global sysop became interface-admin equivalents within their wikiset. Would someone from WMF determine if this group should be listed in the "mandatory two-factor authentication" section, and if so ensure that it is included in the manual WMF audit process. Ping to User:BWolff (WMF) who has been involved in similar discussions. — xaosflux Talk 14:03, 1 April 2019 (UTC)

Alternatively, unbundle those rights from the GS group. (The global editinterface group already exists, although it is not restricted to the GS wikiset.) Was there even a discussion when those rights were added to the GS group? PiRSquared17 (talk) 14:32, 2 April 2019 (UTC)
I cannot see any point in doing that. GSes commonly handle SRM requests and similar, involving interface edits and there has never been a discussion to not allow them to do this, anymore. --Vogone (talk) 14:39, 2 April 2019 (UTC)
I Agree with Vogone, and also, increasing the security for GS that manage 400-500 wikis make sense to me.--AldNonymousBicara? 14:57, 2 April 2019 (UTC)
I agree. There is a relatively frequent need for interface edits on small wikis. And regardless, GS’s should have 2FA enabled. Vermont (talk) 16:20, 2 April 2019 (UTC)
I followed up with rest of security team - Anyone with editinterface rights has to have 2FA enabled - so all GS's either need 2FA or editinterface needs to be unbundled from this group. BWolff (WMF) (talk) 14:42, 9 April 2019 (UTC)
Yes that's fine. BWolff (WMF) (talk) 16:32, 9 April 2019 (UTC)
More concretely, please everyone try to have it enabled by this time next week (Not a hard-deadline, but it would make me happy). BWolff (WMF) (talk) 19:15, 9 April 2019 (UTC)
@BWolff (WMF):   Done. By the way, will my committed SHA512 identity on my userpage be sufficient to gain access to my account if I ever lose it? PiRSquared17 (talk) 17:42, 16 April 2019 (UTC)
So Trust&Safety handles the restoring accounts process. Provided committed identity is done properly, yes it should be enough to restore your account to you (Our internal docs on this are at wikitech:Password_reset/Confirming_identities). But please keep the backup codes somewhere safe, as using those is a much easier process than having to use your committed identity to get your account back. BWolff (WMF) (talk) 06:11, 23 April 2019 (UTC)
Return to "Global sysops/2019" page.