This is an archive of past discussions from Wikinews:Water cooler/technical/archives/2012. Do not edit the contents of this page. If you wish to start a new discussion or revive an old one, please do so on the
Encouraging stronger passwords
I've mentioned this before, that longer passwords should be a requirement for privved accounts.
It isn't something I'd want to force upon people, but what I'd like is if we'd a consensus that employing a client-side strength-checker would be a good start. This discussion covers what a few fairly tech-savvy people think on the issue, and you end up pointed to this tool.
All there is extension-wise for MediaWiki is EnforceStrongPassword, which falls foul of all the policy weaknesses that passfault highlights.
If we can agree that, at least here for a trial, we've a password strength meter, then I can pop it up as a BugZilla request. To that, I'd add a request for a "change your password" nag message post-login. That being displayed if the password is over 3 months old. Again, not enforcing a change. --Brian McNeil / talk 13:24, 12 October 2012 (UTC)
- I'm putting a 'vote' section on this straight away, as I can't see anyone seriously objecting. I'd hope if someone picks it up as a little project to make into an extension, they'd make enforcement an option which would be of use on other wikis where they might want a 'hard' policy. --Brian McNeil / talk 13:24, 12 October 2012 (UTC)
- Seems likely Wikinews would be more concerned about strong passwords for ordinary users than any other sister, because publishing news articles is a more individually responsible task than any other wikimedia function I can think of other than checkuser and oversight. --Pi zero (talk) 13:55, 12 October 2012 (UTC)
- To be honest, this strikes me as something where Wikinews' willingness to be experimented on should be put to good use. I'll bet if we got a decent password strength checker it would be rolled out across all Wikimedia wikis. There are a few closed wikis they could do with reminding people to be careful on. A "fully-featured" checker extension would allow fine-grained control over enforcement; admins must have 'good' (or better) passwords, and 'crats/checkusers/oversighters must have 'excellent' passwords.
- Support as proposer. --Brian McNeil / talk 13:24, 12 October 2012 (UTC)
- Support Seems reasonable. --Pi zero (talk) 13:56, 12 October 2012 (UTC)
- Just got a warning that more changes to MediaWiki are to be rolled out.
- See here: http://lists.wikimedia.org/pipermail/mediawiki-api/2012-October/002704.html
- As of Monday, the new version will be up on test.wikipedia.org and mediawiki.org.
- Our main concern is likely to be that this could break WN:MAKELEAD or EzPR.