[WikiEN-l] How lovely, someone deleted the Main Page again

Gwern Branwen gwern0 at gmail.com
Mon May 7 06:16:32 UTC 2007


On  0, Gregory Maxwell <gmaxwell at gmail.com> scribbled:
> On 5/7/07, Mark Ryan <ultrablue at gmail.com> wrote:
> > On 07/05/07, Blu Aardvark <jeffrey.latham at gmail.com> wrote:
> > > In addition, it should be entirely disallowed for a user to create a
> > > password containing the string "password" or that is identical to their
> > > username.
> >
> > I agree entirely, except I think, for longer usernames at least, it
> > should not *contain* their username. But that sorta gets stuffed up
> > when people have like [[User:A]]. :-\
>
> If we can get consensus to do it we could run a password cracker on
> all the hashes of the sysops' passwords.. desysop the inactive ones
> with weak passwords, and quietly email the active ones with weak
> passwords and tell them to pick better ones.
>
> Ultimately it would be nice if we had a password strength checker ...
> but doing this would address the immediate need.

I second this. The bad guys are already running password crackers. (And if they aren't already, these incidents guarantee someone will.) Let's beat 'em to the punch.

Better that we learn from this while the damage is limited. There is no downside to requiring stronger passwords; fortunately for us, this is common sense which is legislate-able.

--
Gwern
Inquiring minds want to know.
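
The password rules proposed in the quoted thread (no "password" substring, not identical to the username, and not containing a longer username), written out as an added example that is not part of the original message or of MediaWiki's code. The four-character threshold for the "contains username" rule, the look-alike character folding and the sample account names are assumptions made for illustration.

```python
import unicodedata

# Assumption: usernames shorter than this are only checked for equality, so a
# one-letter name such as [[User:A]] does not ban every password containing "a".
MIN_USERNAME_LEN_FOR_CONTAINS = 4
BANNED_SUBSTRINGS = ("password",)  # the string named in the thread

# Assumption: fold a few common look-alike substitutions before comparing,
# so "P@ssw0rd" is treated the same as "password".
LOOKALIKES = str.maketrans({"@": "a", "4": "a", "0": "o", "$": "s",
                            "5": "s", "1": "l", "!": "i", "3": "e"})


def _normalize(text):
    """NFKC + casefold so case and full-width variants compare equal."""
    return unicodedata.normalize("NFKC", text).casefold()


def _variants(password):
    """The normalized password, plus its look-alike-folded form."""
    base = _normalize(password)
    return {base, base.translate(LOOKALIKES)}


def password_problems(username, password):
    """Return the list of rules the password breaks (empty list = accepted)."""
    problems = []
    user = _normalize(username).strip()
    variants = _variants(password)

    if any(b in v for b in BANNED_SUBSTRINGS for v in variants):
        problems.append("contains 'password'")

    if user and user in variants:
        problems.append("identical to username")
    elif (len(user) >= MIN_USERNAME_LEN_FOR_CONTAINS
          and any(user in v for v in variants)):
        problems.append("contains username")

    return problems


if __name__ == "__main__":
    # Constructed sample accounts and passwords.
    for name, pw in [("A", "a"), ("A", "banana-Tr33-koala"),
                     ("ExampleSysop", "P@ssw0rd2007"),
                     ("ExampleSysop", "xExampleSysop42")]:
        print(f"{name!r:16} {pw!r:22} -> {password_problems(name, pw) or 'ok'}")
```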



