Ok, your reply makes a lot of sense. However, the problem is that as users get more "hats" they are usually more afraid of losing them :-) and would probably like to have an option to protect themselves from attackers (I don't really know, but I hope that people with some extra flags are at least trying to have a secure password). The account is getting more valuable, and for example the account of some steward might be a good target for hackers. The question is how these people can defend themselves when the philosophy is "we don't need strong security because user accounts aren't valuable / can't do much damage to the site" - when their account is compromised, they will surely have the flags revoked permanently, and that's likely not what they want. So at some point, having more security measures which could be opt-in for people who do care about their account, as opposed to people whose account isn't interesting for hackers, would make some sense too. Given that there are thousands of sysops on big projects, I guess they would welcome having this feature. (Not that I care personally; I was just interested in implementing that in MediaWiki.)
On Wed, Apr 4, 2012 at 11:48 AM, Thomas Morton morton.thomas@googlemail.com wrote:
>> The current process needs to be done by hand, which isn't just annoying, but also not fail-safe; some accounts might be overlooked, etc. Bureaucrats can misclick or forget.
>
> Certainly automatic de-sysoping after a certain inactivity would be useful; an extension that does the notifications and ultimately the de-sysoping would be useful to automate the community-approved process. Don't get me wrong on that front, I like the idea!
>
>> The email account is likely much safer than a Wikimedia account,
>
> Not a good premise to take; email accounts are high-value targets (as opposed to a Wikipedia account, which has relatively low general value). So although they are harder to crack (to a point), they are also more worthwhile targets.
>
> So an email account is a significant risk.
>
> And an account without an email address added could be argued to be *more* secure.
>
>> Google, for example, offers a lot of security measures we don't, because they don't follow the "hacking a user wouldn't do much damage" philosophy.
>
> It's largely security theatre; except the two-factor authentication (which is actually useful). Our accounts simply aren't that valuable, which is why actual security of that form isn't really a good option. What you proposed is only really a stopgap.
>
>> And I guess many other providers do the same. Hacking into two accounts would be much harder than hacking one, given that once the first account is hacked, the user would be immediately notified by email (the hacker would have very limited time to hack into the email box as well).
>
> Realistically, and in my experience, this is not the case. You're relying on the user to respond, or being in a position to respond - which is the critical failing of the proposal.
>
> When we do pen tests, often we will make notifications of some sort appear in front of users to see how they respond to them - and often the response is confusion, not concern. Remember; the large part of the WM community is *not* technical.
>
> Tom
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l