Ok, your reply makes a lot of sense. However, the problem is that as users
get more "hats" they are usually more afraid of losing them :-) and
would probably like to have an option to protect from attackers (I
don't really know but I hope that people with some extra flags are
trying to have a secure password at least).
Not a bad aim - I didn't intend to be outright discouraging :)
The account is getting
more valuable and for example account of some stewards might be a good
target for hackers.
Yes; Steward accounts are a whole different matter - I'd say they have a
much higher level of risk if compromised.
The question is how these people can defend
themselves when the philosophy is "we don't need strong security
because user accounts aren't valuable / can't do much damage to site"
- when their account is compromised, they will surely have the flags
revoked permanently, that's likely not what they want. So at some
point, having more security measures which could be opt-in for people
who do care about their account, as opposed to people whose account
isn't interesting for hackers, would make some point too. Given that
there are thousands of sysops on big projects, I guess they would
welcome having this feature. (Not that I care, personally, I was just
interested in implementing that to mediawiki)
As above; not a bad aim.
One good idea would be to enforce some sort of minimum password standard -
that can help with brute force attack vectors.
Tom