Help:Two-factor authentication

Two-factor authentication (TFA) is a system that requires an additional verification step before allowing an account to be logged into. The main MediaWiki extension providing this functionality is OATHAuth.

For an advanced translated help page, please visit Meta:Help:Two-factor authentication.

You need the oathauth-enable user right to use TFA. If allowed, you will see a link in your preferences to enable it, or visit Special:OATH directly. Clicking on the link will display a QR code and a text code. Most smartphone apps will use the camera to scan the QR code, and automatically add the entry for the account to the list.

Scratch codes[edit]

The special page will also list ten emergency "scratch codes" that can be used if you lose your phone. However, each code can only be used one time.

First, you'll need a client application to store the TFA token and generate codes. Typically these are smartphone apps, but desktop clients are also available:

• FreeOTP (free and open source, maintained by Red Hat) – Android and iOS
• oathtool (command line)

  Example of command line: oathtool --base32 --totp "YOUR_SECRET_KEY" (the program returns 6 figures)

It is important to remember that you will need this device with you whenever you need to login.

• m:Help:Two-factor authentication
• Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis