On Tue, 14 Aug 2007 13:45:47 -0400, Brion Vibber wrote:
Thomas Dalton wrote:
It's very unlikely that two people with the exact same username will
pick the exact same lame password.
If they do, then they could have logged into each others' accounts
anyway -- so it's high time for them to figure it out. ;)
They couldn't log into each other's accounts without knowing they had
the same password, except by guessing. They wouldn't know that until
this new special page told them. It's highly unlikely, sure, but not
impossible. I doubt there are many people with accounts with the same
password but different email address, so the gain is minimal. I don't
think that minimal gain is worth the, admittedly small, chance of
giving someone access to someone else's account.
I disagree; I think this "risk" is laughably ridiculous if not
nonexistent, and the huge benefit of increased automation far far far
far far far outweighs it.
Plenty of people don't *have* an e-mail address set, or don't have it
set at all wikis. Password login checks are the most secure and most
reliable way to confirm that the real human owns the account.
It seems to me like a typical precision vs. recall situation. I think
email has the best precision, certainly better than password, since it
shows the accounts are technically already linked; but since we don't
require it, and even if people do use it, they can easily use different
addresses that may or may not even go to the same inbox, recall would be
pretty low (lots of false negatives), possibly to the point where the
whole thing becomes pointless.
Password matching should greatly increase recall and slightly decrease
precision. So it would be ideal to try to limit the amount of mistakes
and have a way to deal with them, but it's a matter of finding a way to do
that which is not too complicated, to deal with a situation that might never arise.
For example, when comparing passwords, also compare with the 5 or so most
likely passwords for that account; if you get a match, then tell them to
come back after they've changed their password. This has the advantage
that it's pretty simple, and would also address a situation that really
does occur.
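One way to implement the check proposed in the message above, as an added example in Python (not code from the thread or from MediaWiki): the unification request is first verified against the home account, then refused with a "change your password" response when the password is one of the few most likely guesses for that username, and only otherwise is a matching hash on another wiki taken as evidence of shared ownership. The record layout, the hypothetical `likely_passwords` list and the sample accounts are constructed for the example.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # kept low so the example runs quickly; use a higher cost in practice

def hash_password(password: str, salt: str) -> str:
    """Salted PBKDF2-HMAC-SHA256 digest, hex-encoded."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), ITERATIONS).hex()

def make_record(wiki: str, password: str) -> dict:
    """Constructed per-wiki account record; real salts are random per record."""
    salt = wiki + "-salt"
    return {"wiki": wiki, "salt": salt, "hash": hash_password(password, salt)}

def password_matches(candidate: str, record: dict) -> bool:
    """Constant-time comparison so timing does not reveal which wikis matched."""
    return hmac.compare_digest(hash_password(candidate, record["salt"]), record["hash"])

def likely_passwords(username: str) -> set:
    """The 'five or so most likely passwords' for an account (hypothetical list)."""
    u = username.lower()
    return {u, u + "123", u[::-1], "password", "123456"}

def merge_decision(username: str, candidate: str, home: dict, others: list) -> tuple:
    """Return (status, wikis) for a unification request.

    'denied'          - the password does not open the home account at all
    'change_password' - it does, but a guesser would try it first, so a hash
                        match elsewhere proves little; ask for a new password
    'merge'           - list of other wikis whose stored hash matches
    """
    if not password_matches(candidate, home):
        return ("denied", [])
    if candidate in likely_passwords(username):
        return ("change_password", [])
    matched = [r["wiki"] for r in others if password_matches(candidate, r)]
    return ("merge", matched)

# Constructed sample accounts: the same username on three wikis, two sharing a password.
HOME = make_record("enwiki", "correct horse battery")
WEAK_HOME = make_record("enwiki", "alice123")
OTHERS = [make_record("dewiki", "correct horse battery"),
          make_record("frwiki", "something else entirely")]

if __name__ == "__main__":
    print(merge_decision("alice", "correct horse battery", HOME, OTHERS))
```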