Thomas Dalton wrote:
>> It's very unlikely that two people with the exact same username will pick the exact same lame password.
>> If they do, then they could have logged into each other's accounts anyway -- so it's high time for them to figure it out. ;)
>
> They couldn't log into each other's accounts without knowing they had the same password, except by guessing. They wouldn't know that until this new special page told them. It's highly unlikely, sure, but not impossible. I doubt there are many people with accounts with the same password but different email address, so the gain is minimal. I don't think that minimal gain is worth the, admittedly small, chance of giving someone access to someone else's account.

I disagree; I think this "risk" is laughably ridiculous if not nonexistent, and the huge benefit of increased automation far far far far far far outweighs it.
Plenty of people don't *have* an e-mail address set, or don't have it set at all wikis. Password login checks are the most secure and most reliable way to confirm that the real human owns the account.

-- brion vibber (brion @ wikimedia.org)