On Thu, Aug 19, 2010 at 5:44 PM, David Gerard <dgerard(a)gmail.com> wrote:
People are also going to keep thinking they're
clever by using "fuck"
as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
Admins need to be forced to use secure passwords, using some standard
intelligent password checker. (The default one on RHEL is excellent,
if memory serves.) Nothing more than secure passwords is needed even
for admins, and regular users should not be encouraged to use
hard-to-remember passwords. Maybe we could ban the very most common
passwords for regular users, at most. It wasn't too long ago that we
allowed the empty string as a password.
On Thu, Aug 19, 2010 at 5:47 PM, Lane, Ryan
<Ryan.Lane(a)ocean.navo.navy.mil> wrote:
World of Warcraft provides RSA cards to their users.
People use them.
Because they have many thousands of dollars and man-hours invested in
their account. Hackers who will try to guess their password and sell
the loot are a very credible and damaging threat. Nothing comparable
is true of Wikipedia. You have to tailor the security measures to the
real-world threats.
Either way, I'd likely be the person writing this
support, and it would be
as an extension, or through another means that wouldn't require much effort.
I don't object to people writing whatever extensions interest them.
Personally, I'd be surprised if you'll get Wikimedia sysadmins
interested enough to turn it on, but that's not my decision.
This has strayed rather far from the original topic, though, so maybe
it should split to a separate thread if anyone is interested in
continuing.