[Foundation-l] [Wikitech-l] Password security notes
Jeff V. Merkey
jmerkey at wolfmountaingroup.com
Mon May 7 22:31:20 UTC 2007
Steve Sanbeg wrote:
>On Mon, 07 May 2007 16:19:28 -0600, Jeff V. Merkey wrote:
>
>
>
>
>>What you should do here is after three failed attempts **CHANGE** the
>>password and email the new password
>>to the affected account. Otherwise, the account is locked up. It will
>>require people enter a valid email address, but oh well.
>>
>>Jeff
>>
>>
>
>DOS and spam seems like adding insult to injury. I'd expect lot of
>complaints from the poor users who's passwords change hourly.
>
>Slowing down the response rate based on the number of requests seems less
>painful.
>
>
>
>
Actually no. Only one password email can be sent every 24 hours. This is
how the current MediaWiki works, so this
would work well.
Jeff
>
>_______________________________________________
>Wikitech-l mailing list
>Wikitech-l at lists.wikimedia.org
>http://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
>
>
More information about the foundation-l
mailing list