Help:Two-factor authentication
Two-factor authentication (TFA) is a system that requires an additional verification step before allowing an account to be logged into. The main MediaWiki extension providing this functionality is Extension:OATHAuth.
For an advanced translated help page, please visit Meta:Help:Two-factor authentication.
Enabling[edit]
You need the oathauth-enable
user right to use TFA. If allowed, you will see a link in your preferences to enable it, or visit Special:OATH directly. Clicking on the link will display a QR code and a text code. Most smartphone apps will use the camera to scan the QR code, and automatically add the entry for the account to the list.
Scratch codes[edit]
The special page will also list ten emergency "scratch codes" that can be used if you lose your phone. However, each code can only be used one time.
Clients[edit]
First, you'll need a client application to store the TFA token and generate codes. Typically these are smartphone apps, but desktop clients are also available:
- FreeOTP (free and open source, maintained by Red Hat) – Android and iOS
- oathtool (command line)
- Example of command line:
oathtool --base32 --totp "YOUR_SECRET_KEY"
(the program returns 6 figures)
- Example of command line:
It is important to remember that you will need this device with you whenever you need to login.