Help:Two-factor authentication

Two-factor authentication (TFA) is a system that requires an additional verification step before allowing an account to be logged into. The main MediaWiki extension providing this functionality is Extension:OATHAuth.

For an advanced translated help page, please visit Meta:Help:Two-factor authentication.

Enabling[edit]

You need the oathauth-enable user right to use TFA. If allowed, you will see a link in your preferences to enable it, or visit Special:OATH directly. Clicking on the link will display a QR code and a text code. Most smartphone apps will use the camera to scan the QR code, and automatically add the entry for the account to the list.

Scratch codes[edit]

The special page will also list five emergency "scratch codes" that can be used if you lose your phone. However, each code can only be used one time.

Clients[edit]

First, you'll need a client application to store the TFA token and generate codes. Typically these are smartphone apps, but desktop clients are also available:

• FreeOTP (free and open source, maintained by Red Hat) – Android and iOS
• oathtool (command line)

  Example of command line: oathtool --base32 --totp "YOUR_SECRET_KEY" (the program returns 6 figures)

It is important to remember that you will need this device with you whenever you need to login.

See also[edit]

• m:Help:Two-factor authentication
• Wikimedia Security Team/Two-factor Authentication for CentralAuth wikis