Remember Soft Security.
The biggest defense Wikipedia has is its undamageability and the goodwill of the vast majority of the contributors. Remember that when we have discussions about security.
On 5/7/07, Steve Summit scs@eskimo.com wrote:
> Gregory Maxwell wrote:
> > Most people given those restrictions type out letter patterns on the keyboard. Cracking programs like John the Ripper have rules systems which predict such patterns with frightening accuracy.
>
> But those predictions are only useful if the attacker has unlimited login attempts. If we're taking the step of asking users (and admins) to pick stronger passwords, we should absolutely at the same time be taking steps in software to detect repeated login failures and (a) lock out the account, (b) slow way down, and/or (c) notify the (real) user.
WikiEN-l mailing list
WikiEN-l@lists.wikimedia.org
To unsubscribe from this mailing list, visit: http://lists.wikimedia.org/mailman/listinfo/wikien-l
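The three measures listed in the quoted message, (a) lockout, (b) slowdown and (c) notification, sketched as an added example that is not part of the thread and not MediaWiki code. The class name, thresholds, user name and guess list are assumptions made for illustration, and the password check is a stand-in for a real hash comparison.

```python
import time

class LoginThrottle:
    """Per-account failed-login tracking: (a) lock out, (b) slow down, (c) notify."""

    def __init__(self, verify, notify, notify_after=3, lock_after=10,
                 base_delay=1.0, max_delay=300.0, clock=time.monotonic):
        self.verify, self.notify, self.clock = verify, notify, clock
        self.notify_after, self.lock_after = notify_after, lock_after
        self.base_delay, self.max_delay = base_delay, max_delay
        self.state = {}  # user -> [failure_count, next_allowed_time, locked]

    def attempt(self, user, password):
        st = self.state.setdefault(user, [0, 0.0, False])
        now = self.clock()
        if st[2]:
            return "locked"       # (a) stays locked until reset out of band
        if now < st[1]:
            return "throttled"    # (b) the password is not even checked
        if self.verify(user, password):
            st[0], st[1] = 0, 0.0
            return "ok"
        st[0] += 1
        # (b) the wait doubles with every consecutive failure, up to max_delay
        st[1] = now + min(self.base_delay * 2 ** (st[0] - 1), self.max_delay)
        if st[0] == self.notify_after:
            self.notify(user, "repeated login failures")    # (c)
        if st[0] >= self.lock_after:
            st[2] = True
            self.notify(user, "account locked")
            return "locked"
        return "denied"

# Constructed sample input: keyboard-pattern guesses of the kind the thread mentions.
GUESSES = ["qwerty", "asdfgh", "zxcvbn", "1qaz2wsx", "qazwsx", "qwertyuiop"]

def run_guess_list(guesses, real_password, seconds_between):
    """Feed guesses at a fixed rate on a fake clock; return outcome counts and notices."""
    now, sent, outcomes = [0.0], [], {}
    throttle = LoginThrottle(
        verify=lambda user, pw: pw == real_password,  # stand-in for a hash check
        notify=lambda user, msg: sent.append(msg),
        clock=lambda: now[0])
    for guess in guesses:
        result = throttle.attempt("ExampleUser", guess)
        outcomes[result] = outcomes.get(result, 0) + 1
        now[0] += seconds_between
    return outcomes, sent

if __name__ == "__main__":
    print(run_guess_list(GUESSES, "qwertyuiop", 0.5))
```

Lockout on its own lets anyone who knows a user name lock that account, so the delay and the notification are the parts that can be enabled without giving an attacker that lever.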