I really don't see an "immediate need". The worst-case scenario would be an abusive user running a bot on an admin account and going on a deletion spree at a time a steward was not readily available. This is an incredibly unlikely scenario, as the bot would have to be smart enough to unblock itself and remove autoblocks, in addition to having access to an admin account in the first place. Even if this ever did happen, any damage actually done would be temporary, as any admin action is reversible.
I think implementing password strength measures and forcing a password change on the next login for all users with insecure ones would be sufficient.
Gregory Maxwell wrote:
If we can get consensus to do it, we could run a password cracker on all the hashes of the sysops' passwords... desysop the inactive ones with weak passwords, and quietly email the active ones with weak passwords and tell them to pick better ones.
Ultimately it would be nice if we had a password strength checker ... but doing this would address the immediate need.
WikiEN-l mailing list WikiEN-l@lists.wikimedia.org