Extension:TwoFactorAuthentication

The TwoFactorAuthentication extension is an implementation of two-factor authentication for MediaWiki. The extension adds an additional field to the login form (and other authentication forms) that allows users to authenticate with a physical device, such as a phone with Google Authenticator, in addition to their password. Using two-factor authentication prevents account hijacking by requiring that an attacker have both the user's password AND one-time password device. This extension is actually a reduced version of Extension:OATHAuth, although only about half the code has been preserved.

Configuration parameters
TwoFactorAuth has a few configuration variables. However, for most installations, the defaults will work just fine.
 * $wgTwoFactorWindowSize: The number of time, in seconds, that each one-time password is valid for. The default is 30 seconds.
 * $wgTwoFactorWindowLeniency: The radius of tokens to accept for authenticating. The default is 1, to allow for occasional differences in time synchronization. This number should generally not be increased for security reasons.