New Feature Addition · World management · Created by
MoonRaven
accepted
Security MFA 2FA 2-factor-authentication authentication yubikey totp
Request
Security of accounts is always important. Even if you have a strong password, if it gets leaked, or if someone looks over your shoulder, having MFA would prevent them from gaining access without a second piece of information which will be different for every login session.
MFA
Multifactor authentication works by providing 2 or more pieces of evidence to authenticate the user. In a lot of cases, TOTP (for example Google Authenticator) is implemented. Other examples are hardware keys like a YubiKey or SoloKey by using the FIDO standard.
Other uses are, for example, by SMS or Email, which have been proven to be unreliable in the past.
How does this feature request address the current situation?
Not everyone may want to use it, but by providing MFA, users can opt-in to have a more secure login to WA.
What are other uses for this feature request?
This can also be used to prevent unauthorized password changes, world deletions or even generating new API keys.
Follow up
Just a clarification, Google Authenticator uses the TOTP standard, it is NOT required to use Google Authenticator. You can use Microsoft Authenticator, Authy or any of the other TOTP apps.
I see downvotes on that this shouldn't be required, the request SPECIFICALLY says it should be opt-in. If you don't want to use it, that's fine, other people, like me, do want to. It's our security, if you don't want it, fine?
Also to clarify, a TOTP code is not extra information. It's a trust between you and the site. The site says "here's an extra code, scan it, and then you can generate temporary codes so you can authenticate yourself to us". There is no personal information stored.
Keep in mind that WA says that if your delete an article, it is non-reversible. So if someone looks over your shoulder for your password, they can get in. A TOTP code will block that.
The Team's Response
Thanks for your suggestion and for all your comments! We're accepting this for a future update.
Current score
85/300 Votes · +19703 points