Login
Login

Wikipedia:Bureaucrats' noticeboard#Aspersions in Sdkb RFA

{{Short description|Notices of interest to bureaucrats}}

{{#if:{{PROTECTIONLEVEL:edit}}|{{pp|small=yes}}}}{{User:MiszaBot/config

|archiveheader = {{talkarchivenav}}

|maxarchivesize = 250K

|counter = 51

|minthreadsleft = 0

|minthreadstoarchive = 1

|algo = old(7d)

|archive = Wikipedia:Bureaucrats' noticeboard/Archive %(counter)d

}}

{{/Header}}

__TOC__

[[Wikipedia:Inactive administrators/2025#July 2025]]

The following inactive administrators are being desysoped due to inactivity. Thank you for your service.

;Criteria 1 (total inactivity)

:(none)

;Criteria 2 (100 edits/5-year rule)

  1. {{admin|Satori Son}}
  2. : Last logged admin action: Oct 2020

2FA Checking

Hello team. Now that phab:T265726 has been delivered, you will be able to use Special:VerifyOATHForUser. A couple of notes:

  1. Using this tool requires elevated security, meaning you will likely be requested to log back on to use it (don't try it if you aren't somewhere you can log on, or you may be logged out).
  2. Use of this tool is logged
  3. Another user's 2FA enrollment status is considered sensitive, and should not be publicly shared

When would you ever use this? The primary use case would be if someone applies for interface-admin, you can use this tool to verify they meet the global requirement of being activated for 2FA prior to issuing access. If they do not, you can privately refer them to the enrollment process (WP:2FA locally).

Best regards, — xaosflux Talk 16:54, 2 July 2025 (UTC)

:I see that use of this tool is limited to bureaucrats. Are 'crats signatories to the ANPDP? Ivanvector (Talk/Edits) 16:59, 2 July 2025 (UTC)

::Not necessarily, however WMF Privacy and Legal determined that this was appropriate. 2FA status isn't quite considered "private", as it does not contain any identifying information. It is sensitive, in that it is security related. — xaosflux Talk 17:01, 2 July 2025 (UTC)

:::I should note that it's covered at wmf:Policy:Wikimedia Foundation Access to Nonpublic Personal Data Policy/Exceptions. {{tq|Bureaucrats are permitted to access account two-factor authentication (2FA) status to verify whether other users have enabled 2FA prior to being added to groups that require 2FA. Bureaucrats are not covered under the Access to nonpublic personal data policy, but are nonetheless expected to use and disclose account 2FA status only when necessary.}} EggRoll97 (talk) 17:16, 3 July 2025 (UTC)

::And as far why bureaucrats, the primary use case is in checking before issuing sensitive groups, a task available to that group. (Stewards already use this for global requests). — xaosflux Talk 17:05, 2 July 2025 (UTC)

:::Should we add a link to {{t|rfplinks}} so that it shows up on this page when used? Primefac (talk) 22:29, 4 July 2025 (UTC)