I'm no security expert, so bear with me! Just looking for some clarification.
regularly changing your passwords
It was my understanding studies have shown regularly changing passwords can be adverse, no? [1][2] Not sure if we have a stance on that, because this is the first time I've heard it come up.
I don't know if this is relevant to this particular incident of account hijacking, but I've also been told it's important to ensure your password is unique to Wikimedia, and to turn on two-factor authentication, if possible and you are willing to do so.[3][4]
[1] https://www.ftc.gov/news-events/blogs/techftc/2016/03/time-rethink-mandatory...
[2] https://www.ncsc.gov.uk/guidance/password-guidance-simplifying-your-approach
[3] https://meta.wikimedia.org/wiki/Password_strength_requirements/en#So_that%27... ?
[4] https://office.wikimedia.org/wiki/Security_Basics#Passwords (staff only)
~Leon
On Wed, May 16, 2018 at 8:10 AM John Bennett jbennett@wikimedia.org wrote:
*On 8 May 2018, account hijacking activities were discovered on Wikiviajes - Spanish Wikivoyage (es.wikivoyage.org). It was identified by community stewards and communicated to the Trust and Safety, Legal, and Security teams who responded to the event.

At this time the event is still under investigation and we are unable to share more about what is being done without risking additional hijacking of accounts. However, we feel it is important to share what details we can and inform the community of what happened.

Similar to past security incidents, we continue to encourage everyone to take some routine steps to maintain a secure computer and account - including regularly changing your passwords, actively running antivirus software on your systems, and keeping your system software up to date.

The Wikimedia Foundation's Security team and others are investigating this incident as well as potential improvements to prevent future incidents. We are also working with our colleagues in other departments to develop plans for how to best share future status updates on each of these incidents. However, we are currently focused on resolving the issues identified.

If you have any questions, please contact the Trust and Safety team (ca{{@}}wikimedia.org).

John Bennett
Director of Security, Wikimedia Foundation*

_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l