On Thu, 3 Apr 2003 11:43:21 -0800, Jimmy Wales jwales@bomis.com wrote:
The scenario, which already happened once, is that a hostile person decides to make dozens of vandal-edits while logged in. In an emergency like that, sysops can (physically) ban the login id, but the bad person just keeps logging in with different ids.
That's what we want to be better able to defend against.
We could make it harder to have multiple ID's - requiring each ID to have a unique email address and verifying that by way of initial password issue would be one technique. It's not perfect, because anyone like me who owns a domain still has access to an infinite number of unique e-mail addresses.