The accounts could be compromised just using brute force attacks running for a long time. Since the user would never know their account is being cracked, they would likely never bother making their password stronger, nor report it anywhere. If I were an inactive sysop and received a message that someone had made 500 000 login attempts overnight, I would likely ask some bureaucrat to remove my sysop flag, since I don't even need it.
That's not possible now.
Regarding the hacked accounts, there were some in the past; there was evidence of that on English Wikipedia AFAIK. I still don't see "damage is not so big" as a reason to drop work on improving the security.
On Wed, Apr 4, 2012 at 10:39 AM, Thomas Morton morton.thomas@googlemail.com wrote:
Again, just theatrical security. Most people tend to use the same passwords everywhere; if this was the case for said sysop, their email is also compromised. Also this would require wikis to have email sending set up, as well as the user to have confirmed theirs.
That's the user's problem if they use the same password, but I believe that any users with any sense for security don't do that; sysops could be instructed to use a different password than for their email.
This would be much simpler and it would actually make hacking into sysop accounts much harder.
Not really, per my point above.
It would per my point above your point.
The problem here is that it doesn't really discuss how a sysop account has been compromised; via the email account? Via some more direct method?
As pointed out it is somewhat security theatre.
Besides; you're looking for a problem to fit the solution. On English Wikipedia compromised accounts are, in themselves, rare occurrences. And compromised sysop accounts rarer (read; I've never seen one!).
We discussed this at length when implementing the age-desysoping, and agreed it wasn't an entirely failsafe method against compromise. But it does provide a level of scrutiny to a returning sysop; and really that is all that is needed. The amount of damage a compromised sysop account could do isn't critical and they can be stopped relatively easily - if they have scrutiny.
This is the best form of security.
Tom
_______________________________________________
Wikitech-l mailing list
Wikitech-l@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
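As an added illustration of the notification idea raised at the top of this thread (this is example code, not code from the thread or from MediaWiki), the following builds the per-account failed-login report such a message would carry: the busiest burst of failures within a window, how many distinct source addresses it came from, and whether a successful login followed it. The log line format and all sample values are constructed for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (hypothetical format, not MediaWiki's real login log):
# "<ISO timestamp> login <fail|success> user=<name> ip=<addr>"
SAMPLE_LOG = """\
2012-04-04T01:00:00 login fail user=InactiveSysop ip=203.0.113.10
2012-04-04T01:00:01 login fail user=InactiveSysop ip=203.0.113.10
2012-04-04T01:00:02 login fail user=InactiveSysop ip=203.0.113.11
2012-04-04T01:00:03 login fail user=InactiveSysop ip=203.0.113.12
2012-04-04T01:00:04 login fail user=InactiveSysop ip=203.0.113.10
2012-04-04T01:00:05 login fail user=InactiveSysop ip=203.0.113.13
2012-04-04T02:30:00 login fail user=Alice ip=198.51.100.7
2012-04-04T02:30:40 login success user=Alice ip=198.51.100.7
"""

def parse_line(line):
    # Split one constructed log line into (timestamp, result, user, ip).
    ts, _, result, user_kv, ip_kv = line.split()
    return (datetime.fromisoformat(ts), result,
            user_kv.split("=", 1)[1], ip_kv.split("=", 1)[1])

def failed_login_report(log_text, threshold=5, window=timedelta(hours=24)):
    """Per account: most failed logins inside any `window`, the number of
    distinct source IPs in that burst, and whether a success followed it.
    Only accounts reaching `threshold` failures are reported."""
    events = defaultdict(list)
    for line in filter(str.strip, log_text.splitlines()):
        ts, result, user, ip = parse_line(line)
        events[user].append((ts, result, ip))
    report = {}
    for user, evs in events.items():
        evs.sort()
        fails = [(ts, ip) for ts, r, ip in evs if r == "fail"]
        best, best_ips, start = 0, set(), 0
        for end in range(len(fails)):          # sliding window over failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            if end - start + 1 > best:
                best = end - start + 1
                best_ips = {ip for _, ip in fails[start:end + 1]}
        if best >= threshold:
            last_fail = fails[-1][0]
            # a success right after a burst of failures is the loudest signal
            followed = any(r == "success" and ts >= last_fail for ts, r, _ in evs)
            report[user] = {"failures": best, "ips": len(best_ips),
                            "success_after_failures": followed}
    return report
```

With the sample above, only InactiveSysop crosses the default threshold; Alice's single failure followed by a success is below it and would not trigger a message.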