I've disabled the ability to use blank passwords on wiki accounts.
For a long time we treated accounts very laxly in this regard; there generally wasn't _that_ much reason to secure a casual account unless you were one of the tiny number of sysops.
In recent years though the number of sysops has exploded, and we've added customization features like the user javascript which are cool but potentially really annoying if someone gets into your account and messes with them. As a small concession to security and accountability, it's time for blank passwords to go.
While running some password security checks, I found that a handful of sysop accounts had blank passwords. Probably some non-sysop accounts also had blanks.
Affected accounts can reset the password by the automated e-mail password gadget on the login form, unless of course they didn't put in an e-mail.
-- brion vibber (brion @ pobox.com)
A question, all those sockpupped accounts (Willy, the North Carolinan Communist etc...), do they use passwords?
On 1/31/06, Brion Vibber brion@pobox.com wrote:
I've disabled the ability to use blank passwords on wiki accounts.
For a long time we treated accounts very laxly in this regard; there generally wasn't _that_ much reason to secure a casual account unless you were one of the tiny number of sysops.
In recent years though the number of sysops has exploded, and we've added customization features like the user javascript which are cool but potentially really annoying if someone gets into your account and messes with them. As a small concession to security and accountability, it's time for blank passwords to go.
While running some password security checks, I found that a handful of sysop accounts had blank passwords. Probably some non-sysop accounts also had blanks.
Affected accounts can reset the password by the automated e-mail password gadget on the login form, unless of course they didn't put in an e-mail.
-- brion vibber (brion @ pobox.com)
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
I'd guess most of them do use a shared password.
Rob Church
On 01/02/06, Carl Fûrstenberg azatoth@gmail.com wrote:
A question, all those sockpupped accounts (Willy, the North Carolinan Communist etc...), do they use passwords?
On 1/31/06, Brion Vibber brion@pobox.com wrote:
I've disabled the ability to use blank passwords on wiki accounts.
For a long time we treated accounts very laxly in this regard; there generally wasn't _that_ much reason to secure a casual account unless you were one of the tiny number of sysops.
In recent years though the number of sysops has exploded, and we've added customization features like the user javascript which are cool but potentially really annoying if someone gets into your account and messes with them. As a small concession to security and accountability, it's time for blank passwords to go.
While running some password security checks, I found that a handful of sysop accounts had blank passwords. Probably some non-sysop accounts also had blanks.
Affected accounts can reset the password by the automated e-mail password gadget on the login form, unless of course they didn't put in an e-mail.
-- brion vibber (brion @ pobox.com)
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@wikimedia.org http://mail.wikipedia.org/mailman/listinfo/wikitech-l
wikitech-l@lists.wikimedia.org