Authentication checkers: Difference between revisions
Jump to navigation
Jump to search
start |
Marked this version for translation |
||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
<languages/> | |||
{{global policy}} | {{global policy}} | ||
'''Authentication checkers''' are trusted users with the ability to check whether a user has two-factor authentication enabled. These checks are centrally performed on Meta-Wiki and logged in a [[Special:Log/oath|private log]] visible only to Stewards. | <translate> | ||
<!--T:1--> | |||
'''Authentication checkers''' are trusted users with the ability to check whether a user has two-factor authentication enabled. These checks are centrally performed on Meta-Wiki and logged in a [[<tvar name="log">Special:Log/oath</tvar>|private log]] visible only to [[<tvar name="stewards">Special:MyLanguage/Stewards</tvar>|Stewards]]. | |||
== Criteria for checks == | == Criteria for checks == <!--T:2--> | ||
<!--T:3--> | |||
In general, two-factor authentication checks should only be performed when the following criteria are met: | In general, two-factor authentication checks should only be performed when the following criteria are met: | ||
* The checked user holds or is requesting a permission that requires two-factor authentication. | </translate> | ||
* The permission is held or requested on a wiki where the checker has authority to manage such access. | * <translate><!--T:4--> The checked user holds or is requesting a permission that requires two-factor authentication.</translate> | ||
** For example, a checker who is a bureaucrat on wiki A, but not on wiki B, should not perform checks on wiki B's interface administrators. | * <translate><!--T:5--> The permission is held or requested on a wiki where the checker has authority to manage such access.</translate> | ||
** <translate><!--T:6--> For example, a checker who is a bureaucrat on wiki A, but not on wiki B, should not perform checks on wiki B's interface administrators.</translate> | |||
<translate> | |||
== Appointment == <!--T:7--> | |||
<!--T:8--> | |||
Requests for this permission may be placed on [[Stewards/Requests/Global permissions]]. In general, requests will be approved if the following criteria are met: | Requests for this permission may be placed on [[Stewards/Requests/Global permissions]]. In general, requests will be approved if the following criteria are met: | ||
* The user is a bureaucrat on a WickedGov wiki or has another compelling reason to have access to users' two-factor authentication status. | </translate> | ||
* The user has identified to the WickedGov office and appears on the [[identification noticeboard]]. | * <translate><!--T:9--> The user is a bureaucrat on a WickedGov wiki or has another compelling reason to have access to users' two-factor authentication status.</translate> | ||
* The user is trusted not to misuse the access. | * <translate><!--T:10--> The user has identified to the WickedGov office and appears on the [[identification noticeboard]].</translate> | ||
* <translate><!--T:11--> The user is trusted not to misuse the access.</translate> | |||
<translate> | |||
== Removal == <!--T:12--> | |||
<!--T:13--> | |||
Authentication checker access will be removed by a Steward in the following cases: | Authentication checker access will be removed by a Steward in the following cases: | ||
* The user seriously misuses the access by making unnecessary or inappropriate checks. | </translate> | ||
* The user no longer has a good reason to access 2FA status (for example, if the user is no longer a bureaucrat). | * <translate><!--T:14--> The user seriously misuses the access by making unnecessary or inappropriate checks.</translate> | ||
* <translate><!--T:15--> The user no longer has a good reason to access 2FA status (for example, if the user is no longer a bureaucrat).</translate> | |||
Latest revision as of 11:10, 15 April 2025
 | This page documents an official global policy. It represents broad consensus, and compliance is mandatory for all projects. It should not be modified without prior community approval. |
Authentication checkers are trusted users with the ability to check whether a user has two-factor authentication enabled. These checks are centrally performed on Meta-Wiki and logged in a private log visible only to Stewards.
Criteria for checks[edit | edit source]
In general, two-factor authentication checks should only be performed when the following criteria are met:
- The checked user holds or is requesting a permission that requires two-factor authentication.
- The permission is held or requested on a wiki where the checker has authority to manage such access.
- For example, a checker who is a bureaucrat on wiki A, but not on wiki B, should not perform checks on wiki B's interface administrators.
Appointment[edit | edit source]
Requests for this permission may be placed on Stewards/Requests/Global permissions. In general, requests will be approved if the following criteria are met:
- The user is a bureaucrat on a WickedGov wiki or has another compelling reason to have access to users' two-factor authentication status.
- The user has identified to the WickedGov office and appears on the identification noticeboard.
- The user is trusted not to misuse the access.
Removal[edit | edit source]
Authentication checker access will be removed by a Steward in the following cases:
- The user seriously misuses the access by making unnecessary or inappropriate checks.
- The user no longer has a good reason to access 2FA status (for example, if the user is no longer a bureaucrat).