Help:Two-factor authentication

From MediaWiki.org
Jump to navigation Jump to search

Two-factor authentication (TFA) is a system that requires an additional verification step before allowing an account to be logged into. The main MediaWiki extension providing this functionality is Extension:OATHAuth.

For an advanced translated help page, please visit Meta:Help:Two-factor authentication.

Enabling[edit]

OATHAuth enable link.png

You need the oathauth-enable user right to use TFA. If allowed, you will see a link in your preferences to enable it, or visit Special:OATH directly. Clicking on the link will display a QR code and a text code. Most smartphone apps will use the camera to scan the QR code, and automatically add the entry for the account to the list.

Scratch codes[edit]

The special page will also list five emergency "scratch codes" that can be used if you lose your phone. However, each code can only be used one time.

Clients[edit]

First, you'll need a client application to store the TFA token and generate codes. Typically these are smartphone apps, but desktop clients are also available:

  • FreeOTP (free and open source, maintained by Red Hat) – Android and iOS
  • oathtool (command line)
    Example of command line: oathtool --base32 --totp "YOUR_SECRET_KEY" (the program returns 6 figures)

It is important to remember that you will need this device with you whenever you need to login.

See also[edit]