Återställa förlorade uppgifter

From Meta
Jump to navigation Jump to search
This page is a translated version of the page Reset lost credentials and the translation is 21% complete.
Other languages:
English • ‎français • ‎svenska • ‎বাংলা • ‎日本語 • ‎한국어

Reset lost credentials/sv

Den här sidan är en hjälpsida och inte en policy eller riktlinje. Var god använd den här sidan som hjälpmedel för att navigera i Miraheze wikier.


Tekniskt sett kan Miraheze systemadministratörer (även kända som administrationen) återställa uppgifter, som lösenord eller tvåfaktorsautentisering. På grund av policybeslut återställer vi däremot inte uppgifter på någons begäran. Detta beror på att administrationen fruktar att vi kan fastna i social manipulation. Därav kräver administrationen matematiska bevis för att en användare verkligen är den riktiga ägaren av ett konto innan vi kan återställa.

In general, we don't do a password reset. If you don't have email configured and lost your password, consider that account gone. Everything is case-by-case and done at the discretion of the staff.

Vi känner dig

If we are sufficiently sure that requesting person is authentic user behind the claimed account, we may do the reset. This depends on the user, and how we got to know the user.

Committed identity

Committed identity is a secret hash. The contents are only known to the generating user until the hash is revealed to staff when you need to prove ownership.

Linked SignPost page is documenting enough that you can just follow.

  • Browse to text2hash.
  • Enter your 'secret'. It should be long enough (not just two-three words, not easy to guess, preferably have some random string (i.e. today's date). Hash is "SHA512" - leave it as is. If it is not SHA512, change to SHA512.
    • The string used in this help page is Miraheze Meta Test Committed Identity - 2018-02-25 - User:Blah_blah This is a committed identity.
  • text2hash will dynamically generate the hash. Copy the result.
    • In this example, hash is d9a6f981c04721d7dddd541175c97b24182bf550670819fb4a67444ba9710c751e0f2a8d8949de6a47c01bb9c19fc4fb70f3c5c89d22612ffc06fbc31bc7ecb0.
  • Paste your hash into your userpage.
    • In this example, do {{Committed identity| d9a6f981c04721d7dddd541175c97b24182bf550670819fb4a67444ba9710c751e0f2a8d8949de6a47c01bb9c19fc4fb70f3c5c89d22612ffc06fbc31bc7ecb0}}.
  • Now, close the tab and re-open it.
  • Verify the same original string and verify that the newly generated hash matches the hash in template.
  • IF, and ONLY IF the two hash matches, save it.

And when you need to prove your ownership, if staff asks, send an email to tech at miraheze{{.}}org with the string. If you are putting "" around it, tell us if we need to remove it when putting the hash.

GPG

If you have a Gnu Privacy Guard key with signing functions, you can use it to prove your ownership.

  1. Create a GnuPG key. This is not explained in this help page. Debian has a great how-to page for this. Just make sure your key doesn't expire (When asked for Key is valid for? (0), just enter or give 0.)
  2. If you followed above example, you now have a GnuPG key. Now, when your key was created, gpg told you about Key fingerprint = . Paste that value somewhere. This is very important.
  3. Sign a statement (do Clearsign.) with "current date", statement "I, REPLACE_HERE_WITH_YOUR_USERNAME, controls the private key associated with this GnuPG key, and this key owner is authorized to perform a credential reset if signed request is sent to staff at miraheze{{.}}org." Example in User:Revi/ssh.
  4. Save the signature with the original text and the fingerprint on wiki. Wrap your comment with <pre></pre> otherwise MediaWiki formatting will mess up the GPG signature.
  5. When requested, send a signed email from the specified key to tech at miraheze{{.}}org to verify your identity.
  6. Your key must be available from pool.sks-keyservers.net pool, so we can verify your key independently. Verify that your key is available by checking against keyserver.ubuntu.com, pgp.mit.edu, and pgp.surfnet.nl. Your key should be accessible from all of three servers. (If your key is new, it may take time to synchronize the key between key servers. Try again after 24 hours.)

This requires understanding of how GPG key creation, signing, and keyserver works, and thus not recommended for newbies. This is an option for technically savvy users.