Meta talk:Interface administrators

Amending Interface administrators policy page
While I said on IRC and on Phabricator security ticket #T9071 that I would've preferred a community discussion take place prior to RhinosF1 implementing this configuration change to Meta Wiki, given that Meta Wiki is both central project coordination wiki used for, among other things, control over pan Miraheze configuration changes affecting user rights, ManageWiki changes, and the like, and the potential for harmful JS code to be inserted, it is prudent and cautious to require users requestin the Meta bureaucrat sub-delegated discretionary  role rather than have to be reactionary.

It is proposed that the eligibility clause of Interface administrators be amended to add the following:


 * Have two-factor authentication enabled on their account

Additionally, for the sake of clarity, it is further clarified and codified that the eligibility requirements past the point of granting by a Meta bureaucrat continue while the holders continue to hold the permission.

As such, a Meta bureaucrat may request a Steward to verify a holder's two-factor authentication status at any time, either by posting a request at stewards' noticeboard or via e-mail to.

It's important to note that Wikimedia already requires this on their wikis, and we're not even proposing to require this globally, at least at this stage. Any such potential change, if considered, would follow a global community discussion, which Stewards would close. This discussion, however, will be closed by an ideally non-participating Meta bureaucrat.

As an aside, whenever any Meta interface administrator has requested the permission, they've often been surprised that two-factor authentication has not been a requirement, given the above.

Discussion
Dmehus (talk) 18:06, 16 April 2022 (UTC)