On Thu, Aug 19, 2010 at 5:44 PM, David Gerard dgerard@gmail.com wrote:
People are also going to keep thinking they're clever by using "fuck" as a password. Remember last time?
Admins need to be forced to use secure passwords, using some standard intelligent password checker. (The default one on RHEL is excellent, if memory serves.) Nothing more than secure passwords is needed even for admins, and regular users should not be encouraged to use hard-to-remember passwords. Maybe we could ban the very most common passwords for regular users, at most. It wasn't too long ago that we allowed the empty string as a password.
On Thu, Aug 19, 2010 at 5:47 PM, Lane, Ryan Ryan.Lane@ocean.navo.navy.mil wrote:
World of Warcraft provides RSA cards to their users. People use them.
Because they have many thousands of dollars and man-hours invested in their account. Hackers who will try to guess their password and sell the loot are a very credible and damaging threat. Nothing comparable is true of Wikipedia. You have to tailor the security measures to the real-world threats.
Either way, I'd likely be the person writing this support, and it would be as an extension, or through another means that wouldn't require much effort.
I don't object to people writing whatever extensions interest them. Personally, I'd be surprised if you'll get Wikimedia sysadmins interested enough to turn it on, but that's not my decision.
This has strayed rather far from the original topic, though, so maybe it should split to a separate thread if anyone is interested in continuing.