[Labs-l] 2-factor shell auth

Daniel Friesen daniel at nadir-seen-fire.com
Wed Mar 6 19:20:47 UTC 2013


Key-based auth isn't easy to do over HTTP.

And there have been talks about adding special password requirements,
2-factor auth, etc... for special user groups.

~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://danielfriesen.name/]

On 13-03-06 11:17 AM, Petr Bena wrote:
> It hurts because labs are not working very often.
>
> If you believe we desperately need such great security, why haven't we
> forbidden password authentication on Wikipedia so far? What if some sysop
> account or steward account gets brute forced? That will be a bigger
> disaster than someone getting into labs...
>
> On Wed, Mar 6, 2013 at 8:15 PM, Jeremy Baron <jeremy at tuxmachine.com> wrote:
>> On Wed, Mar 6, 2013 at 7:12 PM, Petr Bena <benapetr at gmail.com> wrote:
>>> Do you know that we are talking about labs and not production? I don't
>>> want to look like some insecure-stuff loving guy - but why in the
>>> world would someone want to brute force into labs?
>> Why invite them to?
>>
>>> If I was a hacker and I
>>> wanted to get into labs - I would just request an account and I would
>>> get it...
>> Also, some parts of labs may have different security needs than
>> others. Brute forcing a password gets you access to what that user
>> already has access to. Making a new account starts you out with almost
>> no access.
>>
>>> Do we need some high tech security here?
>> What does it hurt?
>>
>> _______________________________________________
>> Labs-l mailing list
>> Labs-l at lists.wikimedia.org
>> https://lists.wikimedia.org/mailman/listinfo/labs-l
