Forum:Require 2FA for Risky Actions
At this time, the rights requiring 2FA would be:
- For risk of personal information leakage:
- For risk of wiki-wide harm:
- For risk of user-specific harm (also gives back administrators the rights to edit user CSS/JS):
Additionally, this means bots can't easily be used to perform these actions, because while the login API does make this possible, AWB and most existing bot frameworks don't support 2FA at this time; however, this is a limited use case and letting bots perform these actions with only bot passwords, since they can hide their edits, is a security risk, so I propose not adding a work-around for bots who have these rights.
Couple of clarifications from Discord (as of 02:17, 29 January 2020 (UTC)):
- editinterface is included because it could be used to phish users and any vandalism performed with it requires purging our entire cache to be on the safe side. Additionally, our LESS code, which gets converted to CSS, isn't covered by editsitecss, so could still be used to sneak in malicious CSS without this restriction, though LESS could be added to the right if editinterface is determined to otherwise not be too risky.
- Requiring 2FA for these tools doesn't require admins to have 2FA unless they want to use these tools.
- Checkuser isn't available to all admins, it's just listed as one of the restricted rights, in this case applying to checkuser group members and sysadmins.
- Bot passwords do not bypass 2FA, hence the bot concern.
- Libraries exist for generating two-factor authentication codes, so they could be used in combination with the login API to avoid manually entering new codes for bots.
- I have backported this feature to our older version of the extension.
- Yes, use the login API that supports two-factor authentication. Just add a prompt to your bot to enter in the code and perhaps have a Discord webhook ping you if it needs to be entered, which it shouldn't unless your session expired. - TehKittyCat (Talk) 01:47, 29 January 2020 (UTC)
- Or use a two-factor authentication library to handle code generation automatically. - TehKittyCat (Talk) 02:31, 29 January 2020 (UTC)
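What automatic code generation for a bot involves, as an added example that is not part of the original thread or the wiki's own code: a standard-library RFC 6238 TOTP generator plus a helper that avoids submitting a code in the last seconds of its validity window. The names `totp`, `code_for_login` and `BOT_TOTP_SECRET` are assumptions made for this sketch, and the resulting code still has to be sent in whatever second-factor field the wiki's login API asks for.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

# Constructed sample: base32 of the RFC 6238 SHA-1 test key "12345678901234567890".
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238 TOTP over HMAC-SHA1 for a base32-encoded shared secret."""
    # Enrolment screens often show the secret lowercase, spaced and unpadded.
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # Dynamic truncation (RFC 4226): low nibble of the last byte picks 4 bytes.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def code_for_login(secret_b32, at=None, step=30, min_validity=5):
    """Return (code, delay): sleep `delay` seconds, then submit `code`.

    If the current time step has fewer than `min_validity` seconds left, the
    next step's code is returned with the wait needed to reach it, so the
    code does not expire while the login request is in flight.
    """
    now = int(time.time() if at is None else at)
    remaining = step - now % step
    if remaining < min_validity:
        return totp(secret_b32, now + remaining, step), remaining
    return totp(secret_b32, now, step), 0


if __name__ == "__main__":
    # BOT_TOTP_SECRET is a hypothetical variable name; the fallback is the
    # public RFC test key and must never be used for a real account.
    secret = os.environ.get("BOT_TOTP_SECRET", RFC_TEST_SECRET)
    code, delay = code_for_login(secret)
    time.sleep(delay)
    print("code for the login API's second-factor step:", code)
```

Keeping the TOTP secret on the same host as the bot's password means a compromise of that host yields both factors, so it needs at least the same protection as the password.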
Support - also support not adding a workaround for bots - there are few legitimate reasons for a bot to be editing JS, and supporting it just introduces another attack vector. Toes for Tea (talk) 01:42, 29 January 2020 (UTC)
Support - 01:53, 29 January 2020 (UTC)
Support - Badassiel 02:08, 29 January 2020 (UTC)
Support - On the condition that the 2FA works for bots as well. Can one of the admins currently running bots test using their bot? 09:03, 29 January 2020 (UTC)
Support - 10:18, 29 January 2020 (UTC)