On 2/7/14, Steven Walling <steven.walling(a)gmail.com> wrote:
I feel like I should reiterate why I proposed this change. Maybe no one cares, but I think it might help convince folks this is NOT an argument for "let's reduce user freedom in the name of security."
I didn't work on the RFC because I love tinkering with password security in my spare time and know lots about it. Far from it. I did it because I think we're failing MediaWiki users on *all installations* by inviting them to sign up for an account, and then failing to set default requirements that help them adequately secure those accounts. Users tend to follow defaults and do the minimum effort to reach their goals -- in this case to sign up and then get editing. It's our job as the MediaWiki designers and developers to set good defaults that encourage account security without being excessively annoying.
In addition to just being sane about security defaults, there is more. Allow me to wax poetic a moment... If you can edit anonymously, why do we allow and encourage registration at all? Many reasons of course, but one of them is because it is a rewarding experience to have a persistent identity on a wiki. We all know how real that identity becomes sometimes. When I meet Krinkle or MZMcbride in real life, I don't call them Timo and Max. Or if I do, I don't think of them as those names in my head.
When wiki users start an account, they might think that they are just creating something unimportant. They may actually have bad intentions. But part of this is that we're offering people an account because it gives them a chance to be recognized, implicitly and explicitly, for the work they do on our wikis.
I think setting a default of 1 character passwords required doesn't reinforce the idea that an account is something you might actually come to cherish a bit, and that it might even represent you in some important way to others. By signaling to new users that an account is so worthless that it's cool if you have a one character password... well, is that really such a good thing?
On Thu, Feb 6, 2014 at 5:44 PM, MZMcBride <z(a)mzmcbride.com> wrote:
> P.S. I also casually wonder whether there's a reasonable argument to be
> made here that requiring longer passwords will hurt editor retention more
> than it helps, but this thought is still largely unformed and unfocused.
I think that's a canard. There are many, many sites that do not have user acquisition or retention problems, while also having sane password length requirements. Yes, this is a potential extra roadblock, which may slightly reduce conversion rates on the signup form by slowing people down. However, one of the clear arguments in favor of doing this now (as opposed to, say, back in 2001) is that users will largely expect an account on a popular website to require them to have a password longer than 1 character.
If we really are scared about the requirements in our signup form driving people away from editing, we can make many user experience improvements that would, like every other site, offset the terrible awful horrible evil of requiring a six character password. I'd be happy to list specifics if someone wants, but this email is already too long.
Steven
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Thanks for the background, I think it's important to know the "why" for a change, not just a what. However it doesn't address what I see as the main concern being raised about this proposal - the lack of a threat model. Who is the enemy we're concerned about breaking into accounts? What are the enemy's resources? Anything done for security should be in reference to some sort of threat model. Otherwise we will probably end up implementing security that does not make sense, things that protect one aspect without protecting the important aspect, etc.
Well, most people think having distinct identities on wiki is important; what we need to protect them from is going to vary wildly from person to person. It wouldn't surprise me if the hard-core SoftSecurity people would argue for an honour system...
> Users tend to follow defaults and do the minimum effort to reach their
> goals -- in this case to sign up and then get editing.
'password' is probably less secure than most one letter passwords.
--bawolff
p.s. I don't think stronger password requirements will have much of an effect on user retention assuming the requirements aren't insane (e.g. don't require a password min 9 max 13 characters long with exactly 7 symbols and no more than 2 numbers)
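The two points above (a minimum length as a sane default, and bawolff's observation that a dictionary word like 'password' is weaker than most one-character passwords) can be put side by side in a small policy check. This is an added illustration, not MediaWiki's code or anything from the RFC: the six-character minimum follows the number mentioned in the thread, the denylist is a constructed sample of five common passwords, and the attacker model is assumed to be an online guesser who tries the denylist first and then brute-forces printable ASCII. The guess-count helper shows why length alone is the wrong test: 'password' is the attacker's first guess, while a one-letter password survives the whole denylist and is only found by brute force.

```python
"""Illustrative password-policy check: minimum length plus a common-password
denylist, and a crude guess count for an online attacker.

Added example for this thread, not MediaWiki code. The constants below are
assumptions chosen to match the discussion, not the project's settings.
"""

# Assumed default minimum length (the "six character password" from the thread).
MIN_LENGTH = 6

# Constructed sample denylist, in the order an attacker would try it.
# A real deployment would use a much larger list of leaked passwords.
COMMON_PASSWORDS = ("password", "123456", "qwerty", "letmein", "wikipedia")

# Printable ASCII minus whitespace: 94 symbols the brute-force phase cycles through.
ALPHABET_SIZE = 94


def check_password(username, password, min_length=MIN_LENGTH,
                   denylist=COMMON_PASSWORDS):
    """Return the list of policy violations; an empty list means acceptable.

    Three independent checks: a minimum length, a case-insensitive denylist of
    common passwords, and a password-equals-username check. A length-only
    policy would accept 'password'; the denylist is what catches it.
    """
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    if password.lower() in denylist:
        problems.append("on the common-password denylist")
    if password.lower() == username.lower():
        problems.append("same as the username")
    return problems


def guesses_needed(password, denylist=COMMON_PASSWORDS,
                   alphabet_size=ALPHABET_SIZE):
    """Worst-case number of guesses for an attacker who tries the denylist
    first, then brute-forces every string of length 1..len(password).

    Assumed attacker model for the example. The number is an upper bound on
    the attacker's work for this password, not a measure of entropy.
    """
    lowered = password.lower()
    if lowered in denylist:
        return denylist.index(lowered) + 1
    brute_force = sum(alphabet_size ** n for n in range(1, len(password) + 1))
    return len(denylist) + brute_force


def compare_policies(username, password):
    """Show what a length-only rule and the combined rule each decide."""
    return {
        "length_only_accepts": len(password) >= MIN_LENGTH,
        "combined_accepts": not check_password(username, password),
        "worst_case_guesses": guesses_needed(password),
    }


if __name__ == "__main__":
    for user, pw in (("alice", "x"), ("bob", "password"), ("carol", "correct horse")):
        print(user, repr(pw), compare_policies(user, pw))
```

Run as a script it prints one line per sample account: 'x' fails the length rule but costs the attacker 99 guesses in this model, 'password' passes a length-only rule yet is guess number one, and only the combined rule rejects both.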