Thomas Dalton wrote:

It's very unlikely that two people with the exact same username will
pick the exact same lame password.

If they do, then they could have logged into each other's accounts
anyway -- so it's high time for them to figure it out. ;)

They couldn't log into each other's accounts without knowing they had
the same password, except by guessing. They wouldn't know that until
this new special page told them. It's highly unlikely, sure, but not
impossible. I doubt there are many people with accounts with the same
password but different email address, so the gain is minimal. I don't
think that minimal gain is worth the, admittedly small, chance of
giving someone access to someone else's account.

I disagree; I think this "risk" is laughably ridiculous if not
nonexistent, and the huge benefit of increased automation far far far
far far far outweighs it.

Plenty of people don't *have* an e-mail address set, or don't have it
set at all wikis. Password login checks are the most secure and most
reliable way to confirm that the real human owns the account.

-- brion vibber (brion @ wikimedia.org)