Extension:OATHAuth/en

The OATHAuth extension is a time-based one-time password (TOTP) implementation. It provides two-factor authentication via something you have (your phone or desktop client) and something you know (your user name/password). Client support is available for most feature phones, smartphones and desktops (see Client implementations).

Usage
The help page on Two-factor authentication provides information for end users on how to use this extension. However the special page used will also guide users.

Parameters
OATHAuth also adds a key to the array to define rate limits for authentication attempts:

Note that the  key is available only since 1.35. Earlier version have to rely on  and perhaps. See the documentation of  for details.

User permission
Users should be given access to the  user right so that they can enable it at Special:OATHAuth (a link to which appears at Special:Preferences).
 * Granting access to enable OATHAuth

The above will grant all registered users access to enable OATHAuth.

Administration
In the event that a user both loses their token generator AND the recovery tokens; two-factor authentication may be removed from the user by deleting their row from the  database table. A sysadmin with shell access may type on a command line  and then execute   where   is the user to have 2FA disabled to have it disabled.
 * Resetting a user token: