Hi everyone.
I've started an RFC to increase password requirements for users that
have accounts with a high level of access. Specifically people who can
edit [[MediaWiki:Common.js]], and people with access to oversight or
checkuser.
These types of accounts have sensitive access to our sites, and can
cause real harm if they fall into malicious hands. Currently the only
requirement is the password is at least 1 letter long. We'd like to
make that be 8 letters (bytes) long, and also ban certain really
common passwords.
I will probably send a massmessage out sometime soon, but for now,
please mention
https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_us…
anywhere you think is appropriate and also comment on the proposal
yourself.
Thanks,
--Bawolff