On Thu, Aug 7, 2014 at 8:10 AM, Risker risker.wp@gmail.com wrote:
A lot of the "solutions" normally bandied about involve things like two-factor identification, which has the "additional" password coming through a separate route (e.g., gmail two-factor ID sends a second password as a text to a mobile) and means having more expensive technology) or using technology like dongles that cannot be sent to users in certain countries.
Actually, most modern internet implementations use the TOTP algorithm open standard that anyone can use for free. https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm One of the most common methods, other than through text messages, is the Google Authenticator App that anyone can download for free on a smart phone. https://en.wikipedia.org/wiki/Google_Authenticator.
I'm not sure we can make any of these extra protections *required* without a lot of discussion, but giving people the option will certainly help. Wikimedians are usually a pretty geeky and paranoid bunch, so I think a good amount of people would take advantage of additional security features. This is especially true given how many people use https://en.wikipedia.org/wiki/Template:User_committed_identity on enwiki, something I've never really understood the point of. :-)