Next Tuesday, March 15th [1], we will begin enforcing the result of the Password policy RFC [2] that took place on meta and closed in January. After Tuesday, users with access to sensitive information, or the ability to change the mediawiki interface will be required to use an 8-byte [3] long password. This affects all users in the Administrator, Bureaucrat, Checkusers, and Oversight groups on all wikis, along with a few other groups on particular wikis[4].

Users covered by the new policy, whose password is not currently compliant, will be prompted to change their password the next time they login.

Thanks,

Chris (Wikimedia Security Team)

[1] - https://wikitech.wikimedia.org/wiki/Deployments#Tuesday.2C.C2.A0March.C2.A015

[2] - https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_users_with_certain_advanced_permissions

[3] - https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_users_with_certain_advanced_permissions#Difference_between_bits.2C_bytes_and_characters

[4] - https://meta.wikimedia.org/wiki/Requests_for_comment/Password_policy_for_users_with_certain_advanced_permissions#Proposal