|
What is conveyed here is merely an informative guide on 2FA with the context of the English Wikivoyage and is not a policy or guideline. |
Two-factor authentication (2FA) is a security method that requires users to verify their identity through two distinct steps before accessing their Wikimedia account. This will make breaking into your account more difficult.
In theory, 2FA combines a user's password with something you have physically (such as your mobile phone). While there are ways to get around that for most schemes, an attack just trying a list of passwords won't succeed. The drawback is that you will need the selected device for logging in, and if it is lost or broken, there will be hassle. As a backup, to get back access to your account, you will get a list of codes to write down and keep safe. As a last resort, you may also email [email protected] with your registered email.
This page does not cover the process of implementing 2FA – see the relevant pages on Meta-Wiki or the English Wikipedia for how to implement 2FA. Rather, it aims to cover what it is and more enwikivoyage-specific nuances of 2FA that neither the Meta-Wiki nor the English Wikipedia pages cover.
Previously before December 2025, most users did not have the means to enable 2FA and use of the feature was limited to only those with advanced permissions and template editors. This is now no longer the case, however, and all users can enable 2FA via Special:Preferences (see relevant intiative on mediawiki.org for more information).
Although it is encouraged to enable 2FA to maximise account security for advanced rights holders, it is not required for most permissions, including sysop and bureaucrat. The sole exceptions to this are interface administrators and checkusers, who are mandated to enable 2FA as per WMF policy. There are other global groups and permissions (such as global sysop or steward) on Meta-Wiki that also mandate 2FA, but this does not affect English Wikivoyage.
Important: Before enabling 2FA, make sure that you understand what you need to log in, and that you are sure that you can recover if you, e.g., lose the device coupled with the authentication.