Svoboda | Graniru | BBC Russia | Golosameriki | Facebook
BBC RussianHomePhabricator
Log In
Create Task
Maniphest T343575

Discourage users from choosing FIDO on WMF websites
Closed, ResolvedPublic
Actions

Description

Can we please override via WikimediaMessage the webauthn-module-description message to heavily discourage users from choosing WebAuthn/FIDO ?

It just doesn't work right now for WMF properties and people get stuck. This option really should just NOT be available at all until it is multi domain compatible, but I'm guessing it is too late for that now.

Problem:
1: You have to read AND remember that you can only log in via the wiki where you registered
2: You have to use a non-modern or non-standard configured browser that allows cross domain cookies if you want to login on 11 out of the 12 top level domains that wikimedia has because of T226797 and T202028

I've now had to guide 2 users (latest) out of this blackhole and as webauthn/fido increases in popularity this is likely just going to increase.

Details

SubjectRepoBranchLines +/-
Add more warnings to WebAuthn 2FAmediawiki/extensions/WikimediaMessagesmaster+1 -1
Customize query in gerrit

Related Objects

Event Timeline

TheDJ created this task.Aug 4 2023, 5:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 4 2023, 5:19 PM
Reedy added a project: Documentation.Aug 30 2023, 1:56 PM
gerritbot added a comment.Aug 30 2023, 5:48 PM

Change 953705 had a related patch set uploaded (by TheDJ; author: TheDJ):

[mediawiki/extensions/WikimediaMessages@master] Add more warnings to WebAuthn 2FA

https://gerrit.wikimedia.org/r/953705

gerritbot added a project: Patch-For-Review.Aug 30 2023, 5:48 PM
Bawolff subscribed.EditedAug 30 2023, 6:20 PM

I kind of wonder if it should be outright disabled. WebAuthn is cool and all, but in its current state it sounds not usable.

gerritbot added a comment.Sep 27 2023, 4:07 PM

Change 953705 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Add more warnings to WebAuthn 2FA

https://gerrit.wikimedia.org/r/953705

Maintenance_bot removed a project: Patch-For-Review.Sep 27 2023, 4:10 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.29; 2023-10-03).Sep 27 2023, 5:00 PM
MarcoAurelio closed this task as Resolved.Oct 16 2023, 5:01 PM
MarcoAurelio claimed this task.
MarcoAurelio subscribed.

Boldly closing as resolved since the above patch got merged.

Restricted Application added a project: User-MarcoAurelio. · View Herald TranscriptOct 16 2023, 5:01 PM
MarcoAurelio reassigned this task from MarcoAurelio to TheDJ.Oct 16 2023, 5:02 PM
MarcoAurelio removed a project: User-MarcoAurelio.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits