Extension:OATHAuth

The OATHAuth extension is a time-based one-time password (TOTP) implementation. It provides two-factor authentication via something you have (your phone or desktop client) and something you know (your user name/password). Client support is available for most feature phones, smartphones and desktops (see Client implementations).

Usage
The help page on Two-factor authentication provides information for end users on how to use this extension. However the special page used will also guide users.

Parameters
OATHAuth also adds a key to the  array to define rate limits for authentication attempts:

Note that the   key is available only since 1.35. Earlier version have to rely on   and perhaps  . See the documentation of   for details.

User permission

 * Granting access to enable OATHAuth :

Users should be given access to the   user right so that they can enable it at Special:OATHAuth (a link to which appears at <tvar|3>Special:Preferences</>).

The above will grant all registered users access to enable OATHAuth.

Administration
In the event that a user both loses their token generator AND the recovery tokens; two-factor authentication may be removed from the user by deleting their row from the <tvar|1> </> database table. A sysadmin with shell access may type on a command line <tvar|1> </> and then execute <tvar|2> </> where <tvar|3> </> is the user to have 2FA disabled to have it disabled.
 * Resetting a user token :