Contents 1 What is 2FA? 2 Why on earth do I need this? 3 How to enable 2FA, the simple way (smartphone) 3.1 How to log-in following setup 4 How to enable 2FA, the simple way (desktop - Windows) 5 Emergency tokens : IMPORTANT, read this 6 Can I disable 2FA? 7 Known issues/points to consider 8 More help? 9 Notes


What is 2FA?[edit] See also: Two-factor authentication 2FA is a little bit like using one of these. Since the Wikimedia Foundation isn't going to mail a keycode device to all the Administrators, we'll need to improvise a bit. 2FA, or two-factor authentication is a way of adding additional security on your account. The first "factor" is your usual password that is standard for any account, the second is a code retrieved from an external device such as a smartphone, or a program on your computer. It is conceptually similar to a keycode device you may have to use when logging into internet banking. The technical name for this is "Time-based One-time Password Algorithm" (TOTP).


Why on earth do I need this?[edit] Main page: Help:Two-factor authentication § Accounts affected It is really important for users with advanced rights to keep their account secure. In November 2016, a number of Wikipedia administrators (including the co-founder, Jimbo Wales) had their accounts compromised, which were then used to vandalise the encyclopedia. As well as causing widespread disruption, the affected administrators' accounts were locked so they couldn't do anything until it was beyond doubt they had regained control. On the English Wikipedia, the following groups can use 2FA: Administrators Bureaucrats Checkusers Edit Filter Managers Oversighters You'll already know if you're in one of these groups, as you'll have asked for access. If you don't recognise any of these terms, you probably can't use 2FA for now. Note that users with advanced rights on other projects, including test wikis hosted by Wikimedia, can also enable 2FA from those projects.


How to enable 2FA, the simple way (smartphone)[edit] This is what a typical QR code looks like.  To scan a QR code, put your phone next to the code as if you're going to take a picture of it.  Download a 2FA app onto your smartphone. Some options include: freeOTP by Fedora (iOS, Android) – open source Authy Google Authenticator (iOS, Android) Go to Special:OATH and follow the instructions. The recommended authentication method with Google Authenticator is to scan a QR code. Your browser will display a box with a pattern, which you have to point the camera in your smartphone towards, as if you're taking a picture of it. (Your phone might ask you for permission to use the camera first). If you can't scan the code, you can enter a secret key from the screen in to Google Authenticator, which gives you the same result. Once you're set up, your phone will give you a verification code. Enter this into the box at the bottom of the OATH page browsed to in step 2). That's it, you're all set up. Now read "Emergency tokens : IMPORTANT, read this". How to log-in following setup[edit] When you now login, after entering your password you'll be asked for an authentication token. Open up the app you installed in step 1) and you should see a numeric key. Type the key in as is (with no spaces), and you should be logged back in Because the key is time-based, it may change while you're doing this, in which case you'll have to add the latest key instead. The application will normally indicate when a key is about to expire (e.g.: in Google Authenticator, the key's colour changes from blue to red).


How to enable 2FA, the simple way (desktop - Windows)[edit] Please note: Using a windows based client slightly decreases the effectiveness of a two-factor system - if someone has access to your PC and your password, they will still be able to log in Download WinAuth[1] (https://winauth.github.io/winauth/) onto your Windows PC. Go to Special:OATH and follow the instructions Enter the two-factor account name and key from the OATH screen into the program. It should show you where to put it. Enter a verification code from winauth into the OATH screen to complete the enrollment. That's it, you're all set up. Now, read "Emergency tokens : IMPORTANT, read this".


Emergency tokens : IMPORTANT, read this[edit] Example of emergency tokens When you set up 2FA, you'll be given a number of emergency tokens. You can use one of these if you can't use your smartphone (e.g.: if it gets broken, stolen or sold). You only get shown these tokens when you sign up and never again, so make a copy of them by selecting/pasting them from your browser and storing them offline (paper printout or memory stick) in a safe place. If you don't keep these tokens and also have a problem using your authentication device, you will be locked out of your account! Each token can only be used one time - ever - and it takes two of them to turn off 2FA (the first to log on without 2FA, and the second to shut off 2FA after logging in). Don't store these on your smartphone - if it gets lost you won't be able to use your phone, and you just lost the codes! You still need to follow good security practices. Don't use your name, date of birth or anything obvious as a password that can be guessed in a simple dictionary attack, don't write your password down in a place anyone else can see it, and consider whether or not it's a good idea to log into public terminals including schools, libraries and airports. If you are totally locked out, regaining access to your account will be very difficult and usually involve proving your identity beyond the shadow of a doubt to one of the developers via the Phabricator system who may or may not decide to manually disable 2FA in the database directly. If you cannot satisfy these requirements or the developers deny your request, it is impossible to turn 2FA off and you effectively need to perform a clean start.


Can I disable 2FA?[edit] If using 2FA becomes too onerous or difficult (e.g.: you aren't always near your phone or keycode application), you can browse to Special:OATH again and you'll be given the option to disable it. You'll need to enter a code, just as you would when logging in, and if this is correct, 2FA will be turned off.


Known issues/points to consider[edit] AWB and Huggle users will have to create a program password after enabling 2FA - please see this guide for information.


More help?[edit] If you find something on this page to be incomplete or unclear, feel free to raise the issue on the talk page and with luck, someone will fix it. Metawiki help page - this is quite technical. Technical village pump Emailing info-enwikimedia.org - your ticket will be dealt with by one of the OTRS technical agents Joining #wikipedia-en connect and/or #wikipedia-tech connect Contacting editors willing to assist with two-factor authentication


Notes[edit] ^ Looks to me to be the most reliable out there - is open sourced and has a significant userbase. Please confirm you are visiting the official site and use checksums if possible v t e Wikipedia accounts and governance Unregistered (IP) users Why create an account? Create an account Request an account IPs are human too IP addresses are not people IP hopper Registered users New account Logging in Reset passwords Username policy Changing username Usernames for administrator attention Unified login or SUL Alternate account Account security Password strength requirements User account security Personal security practices Two-factor authentication Simple 2FA 2FA for AWB Committed identity On privacy, confidentiality and discretion Compromised accounts Blocks, global locks, bans, sanctions Blocking policy FAQ Admins guide Tools Autoblock Appealing a block Guide to appealing blocks UTRS Unblock Ticket Request System Blocking IP addresses Range blocks IPv6 Open proxies Global locks Banning policy ArbCom appeals Sanctions Personal sanctions General sanctions Discretionary sanctions and Log Essay Long-term abuse Standard offer Related to accounts Sock puppetry Single-purpose account Sleeper account Vandalism-only account Wikibreak Enforcer Retiring Courtesy vanishing Clean start Quiet return User groups and global user groups Requests for permissions Admin instructions Admin guide Account creator PERM Autopatrolled PERM AutoWikiBrowser PERM Confirmed PERM Extended confirmed PERM Edit filter helper File mover PERM Mass message sender PERM New page reviewer PERM Page mover PERM Pending changes reviewer PERM Rollback PERM Template editor PERM IP-block-exempt Requests Courses access Requests Bot accounts Requests Global rights policy OTRS Volunteer Response Team Advanced user groups Administrators RfA Bureaucrats RfB Edit filter manager Requests CheckUser and Oversight Requests Founder Committees and related Arbitration Committee Mediation Committee Bot approvals group Functionaries Clerks Governance Administration FAQ Formal organization Editorial oversight and control Quality control Wikimedia Foundation Board Founder's seat Meta-Wiki Leadership opportunities WikiProjects Elections Policies and guidelines Unbundling administrators' powers Petitions Noticeboards Consensus Dispute resolution Reforms Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Simple_2FA&oldid=827178665" Categories: Wikipedia essays


Navigation menu Personal tools Not logged inTalkContributionsCreate accountLog in Namespaces Project pageTalk Variants Views ReadEditView history More Search Navigation Main pageContentsFeatured contentCurrent eventsRandom articleDonate to WikipediaWikipedia store Interaction HelpAbout WikipediaCommunity portalRecent changesContact page Tools What links hereRelated changesUpload fileSpecial pagesPermanent linkPage information Print/export Create a bookDownload as PDFPrintable version Languages Add links This page was last edited on 23 February 2018, at 05:27. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. Privacy policy About Wikipedia Disclaimers Contact Wikipedia Developers Cookie statement Mobile view (window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgPageParseReport":{"limitreport":{"cputime":"0.148","walltime":"0.222","ppvisitednodes":{"value":459,"limit":1000000},"ppgeneratednodes":{"value":0,"limit":1500000},"postexpandincludesize":{"value":42825,"limit":2097152},"templateargumentsize":{"value":327,"limit":2097152},"expansiondepth":{"value":8,"limit":40},"expensivefunctioncount":{"value":1,"limit":500},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 141.093 1 -total"," 26.87% 37.914 1 Template:Shortcut"," 24.27% 34.243 1 Template:Essay"," 19.01% 26.818 1 Template:Ombox"," 9.88% 13.944 1 Template:Wikipedia_accounts"," 8.20% 11.569 1 Template:Navbox"," 7.05% 9.942 1 Template:Seealso"," 6.17% 8.699 1 Template:Reflist"," 6.04% 8.516 2 Template:IRC"," 4.13% 5.822 1 Template:Gallery"]},"scribunto":{"limitreport-timeusage":{"value":"0.043","limit":"10.000"},"limitreport-memusage":{"value":1582687,"limit":52428800}},"cachereport":{"origin":"mw1277","timestamp":"20180223052659","ttl":1900800,"transientcontent":false}}});});(window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgBackendResponseTime":75,"wgHostname":"mw1257"});});


Wikipedia:Simple_2FA - Photos and All Basic Informations

Wikipedia:Simple_2FA More Links

Wikipedia:ShortcutWikipedia:EssaysWikipedia:Policies And GuidelinesWikipedia:ConsensusTwo-factor AuthenticationEnlargeWikimedia FoundationWikipedia:ADMINInternet BankingTime-based One-time Password AlgorithmHelp:Two-factor AuthenticationUser:Jimbo WalesWikipedia:AdministratorsWikipedia:BureaucratsWikipedia:CheckuserWikipedia:Edit FilterWikipedia:OversightWikipedia:2FAThis Is What A Typical QR Code Looks Like.QR CodeTo Scan A QR Code, Put Your Phone Next To The Code As If You're Going To Take A Picture Of It.Google AuthenticatorSpecial:Two-factor AuthenticationQR CodeWikipedia:2FASpecial:Two-factor AuthenticationEnlargeWikipedia:SECURITYDictionary AttackWikipedia:CLEANSTARTSpecial:Two-factor AuthenticationWikipedia:AWBWikipedia:HUGGLEWikipedia:Using AWB With 2FAWikipedia Talk:Simple 2FAWikipedia:VPTWikipedia:OTRSCategory:Wikipedians Willing To Assist With Two-factor AuthenticationChecksumsTemplate:Wikipedia AccountsTemplate Talk:Wikipedia AccountsUser (computing)GovernanceWikipedia:User Access LevelsWikipedia:Why Create An Account?Special:CreateAccountWikipedia:Request An AccountWikipedia:IPs Are Human TooWikipedia:IP Addresses Are Not PeopleWikipedia:IP HopperWikipedia:New AccountHelp:Logging InHelp:Reset PasswordWikipedia:Username PolicyWikipedia:Changing UsernameWikipedia:Usernames For Administrator AttentionWikipedia:Unified LoginWikipedia:Sock PuppetryWikipedia:Password Strength RequirementsWikipedia:User Account SecurityWikipedia:Personal Security PracticesHelp:Two-factor AuthenticationWikipedia:Using AWB With 2FATemplate:Committed IdentityWikipedia:On Privacy, Confidentiality And DiscretionWikipedia:Compromised AccountsWikipedia:Blocking PolicyWikipedia:FAQ/BlocksWikipedia:Administrators' Guide/BlockingWikipedia:Administrators' Guide/Blocking/ToolsWikipedia:AutoblockWikipedia:Appealing A BlockWikipedia:Guide To Appealing BlocksWikipedia:Unblock Ticket Request SystemWikipedia:Blocking IP AddressesWikipedia:Open ProxiesWikipedia:Banning PolicyWikipedia:Arbitration Committee/Ban AppealsWikipedia:SanctionsWikipedia:Editing RestrictionsWikipedia:General SanctionsWikipedia:Arbitration Committee/Discretionary SanctionsWikipedia:Arbitration Enforcement LogWikipedia:Sanctions (essay)Wikipedia:Long-term AbuseWikipedia:Standard OfferWikipedia:Sock PuppetryWikipedia:Single-purpose AccountWikipedia:Sleeper AccountWikipedia:Vandalism-only AccountWikipedia:WikibreakWikipedia:WikiProject User Scripts/Scripts/WikiBreak EnforcerWikipedia:RetiringWikipedia:Courtesy VanishingWikipedia:Clean StartUser:Worm That Turned/Quiet ReturnWikipedia:User Access LevelsWikipedia:Requests For PermissionsWikipedia:Requests For Permissions/Administrator InstructionsWikipedia:Administrators' Guide/Granting And Revoking User RightsWikipedia:Account CreatorWikipedia:Requests For Permissions/Account CreatorWikipedia:AutopatrolledWikipedia:Requests For Permissions/AutopatrolledWikipedia:AutoWikiBrowserWikipedia:Requests For Permissions/AutoWikiBrowserWikipedia:User Access LevelsWikipedia:Requests For Permissions/ConfirmedWikipedia:User Access LevelsWikipedia:Requests For Permissions/Extended ConfirmedWikipedia:Edit Filter HelperWikipedia:File MoverWikipedia:Requests For Permissions/File MoverWikipedia:Mass Message SendersWikipedia:Requests For Permissions/Mass Message SenderWikipedia:New Pages Patrol/ReviewersWikipedia:Requests For Permissions/New Page ReviewerWikipedia:Page MoverWikipedia:Requests For Permissions/Page MoverWikipedia:Reviewing Pending ChangesWikipedia:Requests For Permissions/Pending Changes ReviewerWikipedia:RollbackWikipedia:Requests For Permissions/RollbackWikipedia:Template EditorWikipedia:Requests For Permissions/Template EditorWikipedia:IP Block ExemptionWikipedia:Unblock Ticket Request SystemWikipedia:User Access LevelsWikipedia:Education NoticeboardWikipedia:Bot PolicyWikipedia:Bots/Requests For ApprovalWikipedia:Global Rights PolicyWikipedia:Volunteer Response TeamWikipedia:AdministratorsWikipedia:Requests For AdminshipWikipedia:BureaucratsWikipedia:Requests For AdminshipWikipedia:Edit FilterWikipedia:Edit Filter NoticeboardWikipedia:CheckUserWikipedia:OversightWikipedia:Arbitration Committee/CheckUser And OversightWikipedia:Role Of Jimmy WalesWikipedia:CommitteesWikipedia:Arbitration CommitteeWikipedia:Mediation CommitteeWikipedia:Bot Approvals GroupWikipedia:FunctionariesWikipedia:Sockpuppet Investigations/SPI/ClerksWikipedia:AdministrationWikipedia:AdministrationWikipedia:FAQ/AdministrationWikipedia:Formal OrganizationWikipedia:Editorial Oversight And ControlWikipedia:Quality ControlWikipedia:Wikimedia FoundationWikipedia:Board Of TrusteesWikipedia:Founder's SeatWikipedia:MetaWikipedia:Leadership OpportunitiesWikipedia:WikiProjectWikipedia:ElectionsWikipedia:Policies And GuidelinesWikipedia:Unbundling Administrators' PowersWikipedia:List Of PetitionsWikipedia:NoticeboardsWikipedia:ConsensusWikipedia:Dispute ResolutionWikipedia:ReformsHelp:CategoryCategory:Wikipedia EssaysDiscussion About Edits From This IP Address [n]A List Of Edits Made From This IP Address [y]View The Project Page [c]Discussion About The Content Page [t]Edit This Page [e]Visit The Main Page [z]Guides To Browsing WikipediaFeatured Content – The Best Of WikipediaFind Background Information On Current EventsLoad A Random Article [x]Guidance On How To Use And Edit WikipediaFind Out About WikipediaAbout The Project, What You Can Do, Where To Find ThingsA List Of Recent Changes In The Wiki [r]List Of All English Wikipedia Pages Containing Links To This Page [j]Recent Changes In Pages Linked From This Page [k]Upload Files [u]A List Of All Special Pages [q]Wikipedia:AboutWikipedia:General Disclaimer



view link view link view link view link view link