My phone number is something I consider highly sensitive. Linking this kind of data to my online identity would be an unacceptable risk for me.
Vito 2016-11-12 13:37 GMT+01:00 Amir Ladsgroup <ladsgr...@gmail.com>: > As far as I know 2FA is already implemented and mandatory for WMF staff > accounts and wikitech accounts. https://phabricator.wikimedia.org/T107605 > > I emphasized on having 2fa for CUs, oversights and others with private data > access: https://phabricator.wikimedia.org/T107605#2570342 > Not sure what's blocking this. > > Best > > On Sat, Nov 12, 2016 at 3:57 PM Craig Franklin <cfrank...@halonetwork.net> > wrote: > > > I know it's been said many times, but two-factor authentication, > mandatory > > for accounts with advanced privileges and optionally available for > everyone > > else, would seem to be a logical step. It's not foolproof, but it would > go > > a long way to making us less of a soft target. > > > > Cheers, > > Craig > > > > On 12 November 2016 at 22:22, Fæ <fae...@gmail.com> wrote: > > > > > Do any of the volunteers contributing to this list have ideas for > > > changes that may make a significant difference to security? > > > > > > Yesterday saw Jimmy Wales' Wikipedia account getting hacked, in the > > > process appearing to promote an organisation.[1] It was not the only > > > account compromised. This is being analysed, though as there are > > > security issues being examined, the analysis has not been made public > > > so far; plus it's the weekend :-) > > > > > > Over the last few years, there have improvements on account set-up and > > > choice of passwords, along with user suggestions for better account > > > management. Users can also chose to use committed identities[2] to > > > make account recovery easier, and are encouraged to use more secure > > > passwords. Two-factor authentication,[3] such as using mobile phone > > > text messages, has been suggested a few times by volunteers, and this > > > might be a good moment to encourage the WMF to have better facilities > > > built into the projects. We could even make two-factor identification > > > a requirement for trusted users, such as administrators, important > > > bots, and "high profile" accounts, where they may have special rights > > > that could cause a fair amount of disruption if a hacked account were > > > not identified quickly. Considering that some administrator accounts > > > can lie dormant for many months without the actual user monitoring it, > > > these could end up being far more disruptive than well-watched > > > accounts like Jimmy's. > > > > > > We may want extra security to remain mostly optional, keeping our > > > projects simple to access. Education of new volunteers and trusted > > > users may be critical for making it effective, such as avoiding social > > > hacking. A clearer understanding of what the community would want to > > > see improved would probably help set development priorities. > > > > > > Links > > > 1. https://en.wikipedia.org/wiki/User_talk:Jimbo_Wales#Compromised > > > 2. https://en.wikipedia.org/wiki/Template:Committed_identity > > > 3. https://en.wikipedia.org/wiki/Multi-factor_authentication > > > > > > Thanks, > > > Fae > > > -- > > > fae...@gmail.com https://commons.wikimedia.org/wiki/User:Fae > > > > > > _______________________________________________ > > > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > > > wiki/Mailing_lists/Guidelines > > > New messages to: Wikimedia-l@lists.wikimedia.org > > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > > _______________________________________________ > > Wikimedia-l mailing list, guidelines at: > > https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines > > New messages to: Wikimedia-l@lists.wikimedia.org > > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ > Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/ > wiki/Mailing_lists/Guidelines > New messages to: Wikimedia-l@lists.wikimedia.org > Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, > <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe> > _______________________________________________ Wikimedia-l mailing list, guidelines at: https://meta.wikimedia.org/wiki/Mailing_lists/Guidelines New messages to: Wikimedia-l@lists.wikimedia.org Unsubscribe: https://lists.wikimedia.org/mailman/listinfo/wikimedia-l, <mailto:wikimedia-l-requ...@lists.wikimedia.org?subject=unsubscribe>
