On Tue, 14 Aug 2007 13:45:47 -0400, Brion Vibber wrote:
Thomas Dalton wrote:
It's very unlikely that two people with the exact same username will pick the exact same lame password.
If they do, then they could have logged into each others' accounts anyway -- so it's high time for them to figure it out. ;)
They couldn't log into each other's accounts without knowing they had the same password, except by guessing. They wouldn't know that until this new special page told them. It's highly unlikely, sure, but not impossible. I doubt there are many people with accounts with the same password but different email address, so the gain is minimal. I don't think that minimal gain is worth the, admittedly small, chance of giving someone access to someone else's account.
I disagree; I think this "risk" is laughably ridiculous if not nonexistent, and the huge benefit of increased automation far far far far far far outweighs it.
Plenty of people don't *have* an e-mail address set, or don't have it set at all wikis. Password login checks are the most secure and most reliable way to confirm that the real human owns the account.
It seems to me like a typical precision vs. recall situation. I think email has the best precision, certainly better than password, since it shows the accounts are technically already linked; but since we don't require it, and even if people do use it, they can easily use different addresses that may or may not even go to the same inbox, recall would be pretty low (lots of false negatives), possibly to the point where the whole thing becomes pointless.
Password matching should greatly increase recall and slightly decrease precision. So it would be ideal to try to limit the amount of mistakes and have a way to deal with them, but it's a matter of finding a way to do that which isn't too complicated, to deal with a situation that might never arise.
For example, when comparing passwords, also compare with the 5 or so most likely passwords for that account; if you get a match, then tell them to come back after they've changed their password. This has the advantage that it's pretty simple, and would also address a situation that really does occur.
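The password-matching heuristic proposed above, with the "most likely passwords" check in front of it, as an added example that is not from the thread or from MediaWiki: the hashing scheme, the wiki names and the five-entry common-password list are all constructed stand-ins.

```python
import hashlib
import hmac
import os

# Constructed stand-in for "the 5 or so most likely passwords" the thread
# proposes checking before trusting a cross-wiki password match.
COMMON_PASSWORDS = ["password", "123456", "qwerty", "letmein", "wikipedia"]

def hash_password(password: str, salt: bytes) -> bytes:
    """Salted hash for this demo only (not MediaWiki's own scheme)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_account(password: str) -> dict:
    """Build a per-wiki account record holding only salt and hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}

def verifies(password: str, account: dict) -> bool:
    """Constant-time check of a candidate password against one account."""
    return hmac.compare_digest(hash_password(password, account["salt"]),
                               account["hash"])

def merge_decision(password: str, home: dict, others: dict) -> tuple:
    """Relate a login on the home wiki to same-named accounts elsewhere.

    Returns (verdict, matched_wikis):
      'no-login'        the password does not open the home account at all
      'change-password' the password is a common one, so a match on another
                        wiki is weak evidence of same ownership; ask the user
                        to change it and come back, as the thread suggests
      'merge'           the password also opens other wikis' accounts
      'no-match'        nothing else opened; fall back to other signals
    """
    if not verifies(password, home):
        return ("no-login", [])
    if password in COMMON_PASSWORDS:
        return ("change-password", [])
    matched = [wiki for wiki, acct in others.items() if verifies(password, acct)]
    return ("merge", matched) if matched else ("no-match", [])
```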