 | For legal and security reasons, theWikimedia Foundation requirestwo-factor authentication for this role. This is also enforced by the software (users who don't have 2FA enabledwill not be able to use their permissions). |
Interface administrators are users with the ability to edit sitewideCSS andJS pages (such asMediaWiki:Common.js,MediaWiki:Vector.css, interface messages which are interpreted as raw HTML, or the gadget pages listed onSpecial:Gadgets), and other users' personal CSS/JS pages. JS and CSS pages are executed by the browser of wiki editors and readers as code, which can be used to change how content is styled, change the behavior of pages or even create highly complex tools such aswikEd.
Editing CSS/JS that gets executed in other users' browsers is very powerful and potentially dangerous in the hands of a malicious user; interface administrators should be users who are highly trusted, have at least a basic understanding of CSS and JS, are aware of the privacy expectations of Wikimedia wikis, and have a decent understanding of account security (choosingstrong unique passwords, not getting infected by malware and usingtwo-factor authentication). It is recommended to remove the interface administrator rights of inactive users, to reduce theattack surface. Small wikis might also want to make sure they have at least two people who can read JavaScript so they can vet each other's edits (a bit like checkusers).
Interface administrators can also edit other users' personalJSON pages and all pages in the MediaWiki namespace. These abilities are less dangerous and shared with other user groups.