2FA would be a big prevention of these problems.
Allowing accounts to be handled through 3rd party services, such as
Github, would also prevent it. Github already has 2FA available for logins.
On Wed, Nov 16, 2016 at 10:26 AM, Stas Malyshev <smalyshev(a)wikimedia.org>
wrote:
Hi!
It would be good to run a password strength checker at login time as
well, as the software should, for a brief moment, have a copy of the
plaintext password that can be scanned, before it hashes it for checking
and forgets the plaintext.
Another measure may be to have a bot that scans the accounts
periodically (maybe for starters only on admin, etc. high privilege
accounts) and alerts on weakly-passworded ones? We know bad (or at least
greyhat) guys do that, so maybe to prevent it we should try using the
same approach?
--
Stas Malyshev
smalyshev(a)wikimedia.org
_______________________________________________
Wikitech-l mailing list
Wikitech-l(a)lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/wikitech-l
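The login-time check Stas describes, as an added example that is not part of the original thread or of MediaWiki: while the submitted plaintext is in memory for hash verification, it is also run through a strength check, and accounts that pass authentication with a weak password are flagged so that high-privilege ones can be reported without ever storing or re-deriving the plaintext. The `COMMON_PASSWORDS` list, the thresholds, and the in-memory account store are constructed stand-ins; PBKDF2 is used here only as a placeholder for whatever hash the real system uses.

```python
import hashlib
import hmac
import math
import os
import re
from dataclasses import dataclass

# Constructed stand-in for a breach / common-password list (assumption:
# a real deployment would load a much larger list from disk).
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin123"}

PBKDF2_ITERATIONS = 50_000  # placeholder work factor for the example


def estimate_entropy_bits(pw: str) -> float:
    """Rough entropy estimate: length * log2(size of character classes used)."""
    pool = 0
    if re.search(r"[a-z]", pw):
        pool += 26
    if re.search(r"[A-Z]", pw):
        pool += 26
    if re.search(r"[0-9]", pw):
        pool += 10
    if re.search(r"[^a-zA-Z0-9]", pw):
        pool += 33  # printable ASCII punctuation
    return len(pw) * math.log2(pool) if pool else 0.0


def password_weaknesses(pw: str, username: str,
                        min_len: int = 10, min_bits: float = 40.0) -> list:
    """Return a list of weakness labels; empty means the password passed."""
    problems = []
    if len(pw) < min_len:
        problems.append("too_short")
    if pw.lower() in COMMON_PASSWORDS:
        problems.append("common_password")
    if username.lower() in pw.lower():
        problems.append("contains_username")
    if estimate_entropy_bits(pw) < min_bits:
        problems.append("low_entropy")
    return problems


def hash_password(pw: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ITERATIONS)


@dataclass
class Account:
    username: str
    salt: bytes
    digest: bytes
    privileged: bool = False
    flagged_weak: bool = False  # set at login time, never the plaintext itself


def create_account(store: dict, username: str, pw: str, privileged: bool = False):
    salt = os.urandom(16)
    store[username] = Account(username, salt, hash_password(pw, salt), privileged)


def login(store: dict, username: str, pw: str):
    """Verify the hash; on success, scan the still-present plaintext and flag."""
    acct = store.get(username)
    if acct is None:
        return False, []
    ok = hmac.compare_digest(hash_password(pw, acct.salt), acct.digest)
    weaknesses = []
    if ok:
        # The plaintext is only ever inspected here, then dropped with the frame.
        weaknesses = password_weaknesses(pw, username)
        if weaknesses:
            acct.flagged_weak = True
    return ok, weaknesses


def weak_privileged_accounts(store: dict) -> list:
    """What an alerting bot would report: flagged high-privilege accounts."""
    return sorted(a.username for a in store.values()
                  if a.privileged and a.flagged_weak)


if __name__ == "__main__":
    users = {}
    create_account(users, "admin", "password", privileged=True)
    print(login(users, "admin", "password"))
    print(weak_privileged_accounts(users))
```

Flagging at login rather than scanning stored hashes keeps the check to data the server already holds momentarily, and the flag is the only thing persisted, so an alerting job can read it without any access to plaintext or hashes.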