On Thu, Aug 7, 2014 at 8:10 AM, Risker <risker.wp(a)gmail.com> wrote:
A lot of the "solutions" normally bandied
about involve things like
two-factor identification, which has the "additional" password coming
through a separate route (e.g., gmail two-factor ID sends a second password
as a text to a mobile) and means having more expensive technology) or using
technology like dongles that cannot be sent to users in certain countries.
Actually, most modern internet implementations use the TOTP algorithm
open standard that anyone can use for free.
<https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm>
One of the most common methods, other than through text messages, is
the Google Authenticator App that anyone can download for free on a
smart phone. <https://en.wikipedia.org/wiki/Google_Authenticator>.
I'm not sure we can make any of these extra protections *required*
without a lot of discussion, but giving people the option will
certainly help. Wikimedians are usually a pretty geeky and paranoid
bunch, so I think a good amount of people would take advantage of
additional security features. This is especially true given how many
people use <https://en.wikipedia.org/wiki/Template:User_committed_identity>
on enwiki, something I've never really understood the point of. :-)
--
Casey Brown (Cbrown1023)
caseybrown.org