Again, just theatrical security. Most people tend to use the same
passwords everywhere; if this was the case for said sysop, their email
is also compromised. Also, this would require wikis to have email
sending set up, as well as the user to have confirmed theirs.
That's the problem of the user if they use the same password, but I believe
that any users with any sense for security don't do that; sysops could
be instructed to use a different password than in their email. This
would be much simpler and it would actually make hacking
into sysop accounts much harder.
Not really, per my point above.
It would, per my point above your point.
The problem here is that it doesn't really discuss how a sysop account has
been compromised: via the email account? Via some more direct method?
As pointed out, it is somewhat security theatre.
Besides, you're looking for a problem to fit the solution. On English
Wikipedia compromised accounts are, in themselves, rare occurrences, and
compromised sysop accounts rarer (read: I've never seen one!).
We discussed this at length when implementing the age-desysoping, and
agreed it wasn't an entirely failsafe method against compromise. But it
does provide a level of scrutiny to a returning sysop; and really that is
all that is needed. The amount of damage a compromised sysop account could
do isn't critical and they can be stopped relatively easily - if they have
scrutiny.
This is the best form of security.
Tom