Topic on Talk:Phabricator/Help

2FA Reset for phabricator account

Summary by ~aanzx

Done by AKlapper (WMF) phab:T318172

~aanzx (talkcontribs)

@AKlapper (WMF) can you reset my 2FA for Phabricator account https://phabricator.wikimedia.org/p/Anoop/ , I have added a CI at https://en.wikipedia.org/wiki/User:~aanzx , if it's possible for 2FA reset I can mail you text

AKlapper (WMF) (talkcontribs)
~aanzx (talkcontribs)

Ok, I will wait 1 month, thanks for responding

AKlapper (WMF) (talkcontribs)

That will not solve the problem. Creating a CI should happen at least a month before losing 2FA access.

~aanzx (talkcontribs)

Ok, is it possible to remove my Wikimedia account from that account, so that I can create a new phabricator account, since I don't have any other option to recover account

AKlapper (WMF) (talkcontribs)

How to have some second verification factor which allows someone else to know that you are in control of your Phabricator and your MediaWiki account? How to prove that you are you? That is what 2FA is for...if you have any ideas, please share them.

~aanzx (talkcontribs)
AKlapper (WMF) (talkcontribs)

I don't really see how that is related to 2FA... what if an attacker has also taken over your email address? As you have an LDAP account attached, maybe uploading a file into your home directory might be an option? But I could not verify this.

"This is the problem with multi-factor authentication. It's nearly worthless if we allow easy resets and completely inconvenient if we don't."

~aanzx (talkcontribs)

@AKlapper (WMF), I suggested email verification because, when I uninstalled my authenticator app 2FA on my Wikimedia user account through email confirmation, most other 2FA resets are done through email verification or scratch/recovery code only, wouldn't it be more feasible to add additional ways to recover an account.


Phabricator does not offer backup codes for multi-factor authentication. If you lose access to your second-factor device, you must have put your user committed identity hash on your wiki user page at least one month before requesting a multi-factor authentication reset.

On Phabricator/Help/Two-factor Authentication Resets it doesn't mention that creating a CI should happen at least a month before losing 2FA access

~aanzx (talkcontribs)
AKlapper (WMF) (talkcontribs)

See my previous comment: What if an attacker has also taken over your email address? How to verify?

Of course it would be great to have additional ways to recover an account, I'd love someone to implement that in upstream Phabricator code. See also Phabricator/Help/Two-factor Authentication Resets for other options, e.g. if a third person comes to your mind for manual verification. See also my comment about LDAP above - do you have shell access to Toolforge to upload a file there, maybe?

(The page does mention, as your paste above comes from that page.)

I'd love to help but I don't know how. Again: "This is the problem with multi-factor authentication. It's nearly worthless if we allow easy resets and completely inconvenient if we don't."

~aanzx (talkcontribs)

Unfortunately, since I have uninstalled my 2FA app without backing up codes, I have lost access to all my 2FA codes for my Wikitech account also. I don't know if anyone would confirm I am the same person as the requesting user. I had met THasan (WMF) some time ago at an editathon; if that user confirms, is it enough for a 2FA reset?

~aanzx (talkcontribs)

Or only other way is to create new accounts.

AKlapper (WMF) (talkcontribs)