Besonders für Nutzer mit erhöhten Rechten ist die 2FA sinnvoll, da sie eine zusätzliche Schutzebene hinzufügt. In 2025 wird die Wikimedia Foundation damit anfangen, füreinzelne Nutzergruppen dies vorzuschreiben. Details dazu auf derSicherheitsseite für Accounts.
Ab Dezember 2025 steht 2FA allen registrierten Nutzern der Wikimedia-Projekte zur Verfügung.
Authenticator-Apps sind üblicherweise für Smartphones und Tablets verfügbar, teils auch in Passwortmanager integriert. Diese generieren einen Verifizierungscode, der dann zusätzlich zum Login genutzt werden muss. Beispiele hierfür sind derGoogle Authenticator,Microsoft Authenticator oder1Password.
If you don't have a phone or tablet to use for 2FA, you canuse an app on your desktop or laptop, though this is less secure.
Sicherheitsschlüssel sind in der Regel externe Geräte, die zum Login in den verwendeten Computer eingesteckt werden. Beispiele für solche USB-Sticks sind derYubiKey, solche Geräte stellt auch der deutsche Hersteller Nitrokey her. Wichtig: die mobilen Apps der Wikipedia unterstützen keine Sicherheitsschlüssel, sondern ausschließlich Authentificator-Apps.
Passkeys are a simpler and faster way to log in: they don't require a second authentication device, like a security key or an app on your phone. Instead, passkeys are stored on your device or in your password manager, and they enable you to complete verification using your fingerprint, face scan, or with a PIN code.Before you can add a passkey, you must first set up one of the other 2FA methods.
Um die 2FA zu aktivieren, ist ein Login mit Passwort in das Konto nötig, damit anschließend eine zweite Authentifizierung eingerichtet werden kann. Dies kann über eine Authenticator-App sein, einen Sicherheitsschlüssel oder beides. Es ist möglich, beliebig viele Authentifizierungsoptionen zu hinterlegen. Es ist ratsam, mehrere zu benutzen sofern verfügbar.
Um 2FA für Ihr Konto zu aktivieren:
Empfehlenswert ist es, mehrere Authentificator-Apps zu registrieren. Dafür die obigen Schritte mit einer zweiten App erneut ausführen.
Zuerst normal mit Benutzernamen und Passwort einloggen. Das weitere Vorgehen hängt von dem ausgewählten zweiten Faktor ab:
Um die 2FA zu deaktivieren falls das Gerät verloren geht und kein Login möglich ist sieheProblembehandlung.
Falls Sie 2FA nicht abschalten können, weil Sie Zugriff auf ihr Authentifizierungsgerätund Wiederlangungszeichen verloren haben, können Sie versuchen den Zugriff wieder zu erlangen indem Siedie technische Betreuung der WMS bitten, 2FA von Ihrem Konto zu entfernen.
When you enroll in 2FA, you receive a list of ten recovery codes.Print or download those codes and store them in a safe place. If you lose access to your authenticator apps or security keys, you will need these codes to regain access to your account.
Each recovery code issingle use: after you use it once, it is no longer valid. If you use a code, go toSpecial:AccountSecurity and generate a new set of codes, so you don't run out.
Wikimedia wikis currently only support passkeys as a replacement for the second step of logging in (2FA); you still have to login with your password first. We (WMF) will soon add support for fully passwordless login, which will allow users to log in with just their passkey, without entering their username or password. For more information and updates on this work, see theAccount security project page.
To add a passkey:
If you don't enable 2FA, some of your login attempts may requireemail verification. This type of verification requires you to enter a code sent to the email address associated with your wiki account. You can't opt out of this security feature, which protects user accounts from unauthorized access. However, if you enable 2FA, you won't be asked for email verification since 2FA is a stronger level of protection.
Enabling 2FA for your user account may impact your ability to log in to bot accounts or tools. UseOAuth orbot passwords to restrict API sessions to specific actions, while still using 2FA to protect access to your main user account.
For example, tools likeAutoWikiBrowser (AWB) don't support 2FA, but can use bot passwords.
If you have an existing 2FA device which has stopped generating correct codes, check that its clock is accurate.Time-based one-time password (TOTP) on Wikimedia wikis may fail due to a time difference of just 2 minutes.
If you still have access to any device or authentication method you registered for 2FA, use that to log in.
If you no longer have access to any of your authentication methods, use one of your recovery codes: on the two-factor login page, instead of entering a code from your authentication device, click the button to use recovery codes. Enter one of the codes you downloaded when you enabled 2FA.
After you successfully log in, register a new 2FA method before youdisable the ones associated with your lost device.
If you don't have recovery codes and are unable to complete two-step authentication, you can attempt to recover access by asking the Wikimedia Foundation (WMF) support desk to remove 2FA from your account.You should only make this request as a last resort; WMF doesn't guarantee account recovery in this situation.
To file a support request:
wikimedia.org to request removal of 2FA from your account. Send the email using the email address associated with your wiki account.If you can't log in to yourDeveloper account, seethe documentation on wikitech for instructions on how to request 2FA removal.
If you got a new phone or want to use a different device for 2FA, add your new device before you remove your old one:
To use passkeys, you must firstenable 2FA with a security key or an authenticator app. If you have already enabled 2FA, and the button to "Add a passkey" onSpecial:AccountSecurity is gray or inactive, you may be using an incompatible browser or operating system. To use passkeys, you must use one of the following options:
If you don't have any of those options installed, or if you use an old version of your browser or operating system, you cannot use passkeys, and the button will be grayed out for you.
This is most commonly an issue for users of Firefox on Linux. Neither Firefox nor Linux has a built-in password manager, so the only way users of Firefox on Linux can use passkeys is by installing a third-party password manager, like 1Password, Bitwarden, or LastPass.
If you don't have a separate device to use for 2FA, you can use apps likeWinAuth,Authenticator, andKeeWeb to handle 2FA tokens on many computers. This is the recommended way to enable 2FA if you don't have a smartphone or tablet computer.
If you currently use a password manager, check whether it supports 2FA. (Your password manager may also refer to 2FA as "OTP" or "TOTP".) Using your current password manager for 2FA is easier than setting up a new 2FA app.
Note: If you normally edit with your desktop computer, using a desktop 2FA app is slightly less secure thanusing a mobile 2FA app, as someone with access to both your computer and your password would still be able to log in to your account.