Two-factor authentication/es

Miraheze offers two 2FA methods for adding extra protection to your accounts. Only one of these may be enabled at a time.

TOTP
Time-based One-Time Passwords relies on passwords that change as time passes. You must have a TOTP application or program, commonly available for all kinds of devices and operating systems. Note that TOTP is not generally considered a form of 2FA because it relies on passwords, but is referred to as 2FA by the software.

To enable it, go to Special:Manage Two-factor authentication and select the "TOTP (one-time token)" option. Follow the on-screen instructions to set up.

Once set up, you'll need a code generated from the device you use as your TOTP device everytime you want to log in.

WebAuthn
WebAuthn relies on an authenticator, most commonly a hardware device like a Yubikey.

To enable it, go to Special:Manage Two-factor authentication and select the "Web Authentication (WebAuthn)" option. Follow the on-screen instructions to set up.

Once set up, you'll need to always have the USB key ready (if using an USB key), and '''will always need to go to the wiki you registered the authenticator on to login! Please register the authenticator at Meta to ensure you are always able to login''', in case the wiki you registered it on changes domains, or is deleted.

Account recovery
Enabling 2FA comes with the added risk that if you find yourself unable to satisfy the second factor, like for example, your phone with the TOTP codes broke and you don't have a backup, or the security keys you used with WebAuthn no longer work, you are effectively locked out.

To prevent this from happening, you can for example register multiple different security keys with WebAuthn. There's a process for account recovery in these situations detailed at Reset lost credentials, but success is not guaranteed, as SRE will always err on the side of caution to prevent falling victims to a social-engineering attack.

Mandatory 2FA
Certain users are required to have 2FA enabled on their accounts, due to the advanced permissions they hold.


 * Site Reliability Engineering members
 * Stewards
 * Trust and Safety members
 * Global Sysops