Two-factor authentication on Wikipedia for admins and up.

Jimmy Wales’ Wikipedia account got hacked the other day, and it turns out a pile of others did too. So two-factor authentication is being made available for everyone with powers from administrator up on any Wikimedia wiki. Go to Special:Preferences and set it up.

(If your account got hacked and has been locked, go to Steward requests. There’s a bit of a queue, please be patient … else it’s time to fire up the powerless sock account.)

It’s still a bit fiddly, so is being rolled out slowly. (The aim is to have it available to all users in due course.) Authentication methods include mobile phone, Google Authenticator and emergency backup numbers you can print out and keep on hand (“scratch codes”). BWolff (WMF) notes:

If you lose your scratch codes and your 2fa device, and you can prove who you are beyond doubt (what “beyond doubt” means I’m not sure, but I guess committed identity is a good choice), then a developer will remove the 2fa from your account. However, please don’t lose your scratch codes.

I use two-factor at work (GMail, Github, AWS) and it’s just fine. This is basically a really good idea.

Note that AutoWikiBrowser will be a bit fiddly, you will need to set up a BotPassword. (AWB plans to support OAuth soonish.)

At least avoiding another Tubgirl is Love incident won’t require distributing RSA keyfobs to the user base. (Though WMF wants to support fobs too.)

Update: Tim Starling on what actually happened. tl;dr change your password and SWITCH ON 2FA, IT’S IMPORTANT.

Attack of the 50 Foot Blockchain.

I’m writing a short book on Bitcoin, blockchains, smart contracts and why all this garbage is garbage. I hoped to have it out by now, but it turns out writing is work! My target is 500 usable words a day. Currently at 16,000 words of draft, I expect this to hit 20,000 (almost certainly not more than 25,000) and then I’ll cull it to size.

I’m occasionally ranting about it on my Tumblr. You can read the tag in reverse order or chronological order.

(and no, I probably can’t actually call it Attack of the 50 Foot Blockchain. Suggestions welcomed.)

Yes, my edits on cryptocurrency-related articles have helped a great deal in the research …

FAQ answer: Sadly, Amazon Kindle only accepts filthy fiat.