Talk:Interface administrators
This page is for discussions related to the Interface administrators page. Please remember to:
SpBot archives all sections tagged with {{Section resolved|1=~~~~}} after 3 days and sections whose most recent comment is older than 30 days. For the archive overview, see /Archives. The latest archive is located at /Archives/2018.
2FA requirement
What happens if an interface administrator doesn't have 2FA and their account is hacked? Can they get into trouble because it's required for legal reasons? The mass message that was sent to projects about the new password requirements didn't mention 2FA for interface admins so I don't think everyone even knows about it. -kyykaarme (talk) 22:34, 4 January 2019 (UTC)
- @Kyykaarme: you'd have to ask legal@wikimedia.org or your attorney for legal advice. — xaosflux Talk 00:25, 5 January 2019 (UTC)
- From a community point of view, you could have permissions removed, your account locked, and you could be barred from having access in the future. — xaosflux Talk 00:25, 5 January 2019 (UTC)
- Thank you for the reply. I hope the WMF is still planning to inform the projects about it, because the requirement was added months after the group was created so it's possible that some users or even projects are unaware of it. -kyykaarme (talk) 18:19, 8 January 2019 (UTC)
- @Kyykaarme: they began emailing the individual users, I think they are hoping for a technical enforcement to get completed soon. — xaosflux Talk 19:21, 8 January 2019 (UTC)
- Good to know, thanks! -kyykaarme (talk) 21:12, 8 January 2019 (UTC)
Ad hoc assignment and 2FA
On some smaller projects (/me waves hands vaguely), the practice is that temporary extended permissions are assigned ad hoc by request to a local bureaucrat. +sysop has a full process and is assigned permanently, but anything else is done ad hoc. Prior to interface admin, this included giving normal users +sysop temporarily if they were going to work on Common.js or similar.
When interface admin was introduced there was a discussion on how to handle it, and the main sentiment was that we could treat interface admin the same way and no special policy for it was needed.
The net result is that we currently have no local interface admins (despite actually having volunteers for it).
Now, so far as I can divine from this page, there is no exemption to the 2FA requirement for temporary ad hoc assignments of interface admin, so at a minimum the local bureaucrats would have to check that whoever asked does in fact have 2FA enabled? Is there any way for them to actually do that? Is it now possible for users to get 2FA enabled without already holding advanced permissions (i.e. a hypothetical normal user asking a local bureaucrat for temporary interface admin)?
Also, my reading of this page suggests to me an assumption that there will be an actual written policy on the project regulating how to assign interface admin, including, for example, a requirement to check for 2FA. But that may be just me reading too much into it? Would I need to persuade a policy-averse local community to develop such a policy in order to solve this without putting our local bureaucrats in a bind? Or running into problems with the Stewards if we ever lose our local bureaucrats?
In any case, our lack of local interface admins is becoming increasingly problematic, so I'm trying to figure out what formalities actually apply (or don't, as the case may be) so we can correct that. --Xover (talk) 22:36, 6 February 2020 (UTC)
- There is currently no way to check if 2FA is enabled (but see phab:T209749). If you don't have permissions that already include the ability to enable 2FA (eg sysop) you can request 2fa tester at SRGP --DannyS712 (talk) 22:57, 6 February 2020 (UTC)
- @Xover: I wouldn't worry about it too much. Tell those who apply that the global policy requires them to use 2FA and leave it at that. If the site operators seriously want to mandate 2FA, they should enforce it on the software level (and no doubt they will at some point). If you are particularly worried about some specific person ignoring the policy, you can always ask the developers (through Trust and Safety, for example) to verify it, but generally this is one of those steak knives things - it's fine to just assume people are honest and honor the policy. --Tgr (talk) 21:07, 7 February 2020 (UTC)
- @Tgr: Well, I'm mostly worried about putting the local bureaucrats in a bind: if there are global (outside of local project policy scope) formal requirements, the bureaucrats are the ones that will in principle be answerable for it since they're the ones assigning the bit. Not to mention that I'd rather not suddenly discover that we've been doing it all wrong when we suddenly, for whatever reason, need to ask the Stewards for help with something down the road. But in any case, my read of what you say is then that the 2FA requirement from legal is in practice an obligation on those requesting the bit; and that other than that a project can assign it using any process they choose, no matter how lax or strict, and nobody will come wagging their fingers at us for it? I personally happen to like written policy (lots and lots of written policy! the drier and more bureaucratic the better!), but this community is actively averse to having too much of that, so I imagine that will be welcome news. :) --Xover (talk) 22:14, 7 February 2020 (UTC)
- Even on large projects (like enwiki) we have no way to actually validate this, we inform a requester that it is required, check if they have the capability to do it, then trust that they are not lying to us when they say they have done it. This is why I asked for phab:T209749 over a year ago... — xaosflux Talk 00:42, 8 February 2020 (UTC)
- Well, from a technical point of view, for something that rises to an actual direct requirement from WMF Legal, it does appear rather half-baked. And I am not at all convinced this particular measure is what would have the best cost-benefit value for the given threat model (because I'm sure the threat model was properly defined before deciding on the best measures… 😀). But, biting my tongue on that aspect, so long as it's clear what are actual global requirements and what is simply up to each project to decide, I'm happy. --Xover (talk) 09:12, 8 February 2020 (UTC)
- Oh, an addendum to that… It occurs to me that what's making me uncertain here is that this page is mostly shaped like a help page with some suggestions on what would be good ideas ("Have two int. admins so they can check each other", etc.) but then there's suddenly a policy-style requirement introduced from the WMF. Thinking about it I think I see why it is that way, but I also think that once you introduce one formal requirement it makes a whole lot more sense to formulate the whole thing as policy. Not because you necessarily need to have any more requirements, but because that approach makes it clear that the rest are not requirements. Or, you know, that's just my policy-wonk tendencies getting over-excited. :) --Xover (talk) 09:24, 8 February 2020 (UTC)
- The page was originally a help page, I suppose when the WMF came up with the policy of requiring 2FA for some accounts they needed a place to put it and this was the easiest. It's temporary anyway, the software will enforce it at some point, but no one had the time to do that so far. --Tgr (talk) 22:46, 9 February 2020 (UTC)
Error on front page
There are some mistakes on the front page. It states "For legal and security reasons, the Wikimedia Foundation has decided to require two-factor authentication for this role." but it would need to state "For legal and security reasons, the Wikimedia Foundation would like two-factor authentication for this role, but does not enforce this."
Similarly, it states "using two-factor authentication" rather than "claiming to use two-factor authentication".
See also phab:T150562, phab:T150898 and phab:T265726. Thanks a lot for fixing these errors! --2001:861:3386:BE90:1D06:A9BF:CDEF:9359 11:01, 25 May 2024 (UTC)
- I don't see how this is incorrect - WMF has indeed enforced a requirement that all users holding interface adminship are required to enable two-factor authentication for their account. EPIC (talk) 11:05, 25 May 2024 (UTC)
- No, as you can see on phab:150898#8605749, hundreds of interface-admins are not using 2FA, and everyone is fine with that. Neither the software nor the grantors of these permissions are enforcing this "rule". --2001:861:3386:BE90:1D06:A9BF:CDEF:9359 11:58, 25 May 2024 (UTC)
- It is still a requirement. The reason why multiple interface administrators do not have two-factor authentication enabled is because local bureaucrats do not have the ability to check whether a user has 2FA enabled. Only stewards can do so, and we don't really bother checking every interface administrator that frequently. For small wikis, multiple interface administrators also disable two-factor authentication after we have checked them, since we mostly don't check a second time. EPIC (talk) 12:01, 25 May 2024 (UTC)
- The only way I can make sense of your statement would be that you are unaware what the term "requirement" means. --2001:861:3386:BE90:6958:BD0B:7DB9:7D31 20:10, 26 May 2024 (UTC)
- We (stewards) audit 2FA activation from time to time, and WMF may audit them as often as they would like. Non-compliant users that do not come in to compliance are subject to removal. This is a requirement, regardless of the enforcement mechanism. — xaosflux Talk 23:36, 26 May 2024 (UTC)
Interface adminships can just be removed by local bureaucrats (instead of stewards) by default?
See [1] (Ctrl+F search "wgRemoveGroups"), I'm curious why
    'default' => [
        'bureaucrat' => [
            'accountcreator',
            'bot',
            'confirmed',
            'interface-admin', // <- Why?
        ],
Is there any consensus to warrant it? Liuxinyu970226 (talk) 06:43, 28 May 2024 (UTC)
- @Liuxinyu970226: same thing with adding IA - bureaucrats do it by default and this has been the case ever since the policy was introduced. Leaderboard (talk) 07:03, 28 May 2024 (UTC)
- In general, when someone gets the ability to "do something" they get the ability to "undo" it as well. If a community wants this different on their project they may request a configuration change. — xaosflux Talk 11:34, 28 May 2024 (UTC)
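The "do" and "undo" lists referred to in the replies above are `$wgAddGroups` and `$wgRemoveGroups` in MediaWiki. The following LocalSettings.php-style snippet is an added illustration, not the Wikimedia configuration itself; the group names follow the snippet quoted in the question, and the exact default lists are assumptions.

```php
<?php
// Added example (not WMF's actual configuration). Both arrays are keyed by
// the acting group and list the groups that group may add or remove on
// Special:UserRights.

// Default-style setup mirroring the quoted snippet: the group that can grant
// interface-admin can also revoke it (the "do implies undo" principle).
$wgAddGroups['bureaucrat']    = [ 'accountcreator', 'bot', 'confirmed', 'interface-admin' ];
$wgRemoveGroups['bureaucrat'] = [ 'accountcreator', 'bot', 'confirmed', 'interface-admin' ];

// Alternative a community could request as a configuration change: local
// bureaucrats keep granting interface-admin, but can no longer remove it.
// Only the removal list changes; holders of the global 'userrights' right
// (stewards on Wikimedia wikis) are not limited by these lists, so removal
// would then go through them.
$wgRemoveGroups['bureaucrat'] = [ 'accountcreator', 'bot', 'confirmed' ];
```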