2FA would be a big prevention of these problems.
Allowing accounts to be handled through third-party services, such as GitHub, would also prevent it. GitHub already has 2FA available for logins.
On Wed, Nov 16, 2016 at 10:26 AM, Stas Malyshev smalyshev@wikimedia.org wrote:
Hi!
It would be good to run a password strength checker at login time as well, as the software should, for a brief moment, have a copy of the plaintext password that can be scanned, before it hashes it for checking and forgets the plaintext.
Another measure may be to have a bot that scans the accounts periodically (maybe for starters only on admin, etc. high privilege accounts) and alerts on weakly-passworded ones? We know bad (or at least greyhat) guys do that, so maybe to prevent it we should try using the same approach?
-- Stas Malyshev smalyshev@wikimedia.org
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
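The login-time check Stas describes, as an added example that is not MediaWiki code or anything from this thread: credentials are verified first, then the strength check runs on the plaintext that the login path is already holding, the account is flagged for a reset if it fails, and the plaintext is not kept. The PBKDF2 hashing, the small deny-list and the sample user records are all assumptions constructed for the example.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample deny-list; a real deployment would use a large
# breached-password corpus rather than a handful of entries.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "wikipedia"}
MIN_LENGTH = 10
PBKDF2_ROUNDS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None):
    """Salted PBKDF2-HMAC-SHA256 (an assumed scheme, not MediaWiki's)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def password_weaknesses(username: str, password: str):
    """Return the reasons a plaintext password is weak; empty means acceptable."""
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append("too short")
    if password.lower() in COMMON_PASSWORDS:
        reasons.append("common password")
    if username.lower() in password.lower():
        reasons.append("contains username")
    return reasons


def make_user(password: str, admin: bool = False):
    """Constructed user record: salt, hash, privilege level, reset flag."""
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "admin": admin, "must_reset": False}


def login(users: dict, username: str, password: str):
    """Verify the password, then audit its strength while the plaintext exists."""
    record = users.get(username)
    if record is None:
        return {"ok": False, "weak": []}
    _, digest = hash_password(password, record["salt"])
    if not hmac.compare_digest(digest, record["hash"]):
        return {"ok": False, "weak": []}
    # Authentication succeeded: this is the only moment the plaintext is
    # available, so run the strength check now and flag the account.
    weak = password_weaknesses(username, password)
    if weak:
        record["must_reset"] = True  # admin accounts would also raise an alert
    return {"ok": True, "weak": weak}
```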