[Labs-l] 2-factor shell auth (was:second attempt to request alternative login server)

Petr Bena benapetr at gmail.com
Wed Mar 6 19:17:49 UTC 2013


It hurts because labs are not working very often.

If you believe we desperately need such great security, why didn't we
forbid password authentication on wikipedia so far? What if some sysop
account or steward account gets brute forced? That will be a bigger
disaster than someone getting into labs...

On Wed, Mar 6, 2013 at 8:15 PM, Jeremy Baron <jeremy at tuxmachine.com> wrote:
> On Wed, Mar 6, 2013 at 7:12 PM, Petr Bena <benapetr at gmail.com> wrote:
>> Do you know that we are talking about labs and not production? I don't
>> want to look like some insecure-stuff loving guy - but why in the
>> world would someone want to brute force into labs?
>
> Why invite them to?
>
>> If I was a hacker and I
>> wanted to get into labs - I would just request an account and I would
>> get it...
>
> Also, some parts of labs may have different security needs than
> others. Brute forcing a password gets you access to what that user
> already has access to. Making a new account starts you out with almost
> no access.
>
>> Do we need some high tech security here?
>
> What does it hurt?