Re: [Wikitech-l] New Wikimedia password policy and requirements
Oh my. These might be the most sensible password policies I have seen implemented since, I think, ever: 1. Must have a certain length. 2. Can not be one of the most used passwords. 3. Ah, and don't be so silly to repeat your user name. 4. That's all. No made up rules like "must contain at least one special character from a set of actually not so special characters" that force users to make their passwords actually less secure. Thanks a lot to the team working on this, and the code that backs this up! Best Thiemo PS: Now we just need to know what the 100,001st most used password is. ;-) ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Re: [Wikitech-l] New Wikimedia password policy and requirements
Hi Chris, Did you base your new policy on https://pages.nist.gov/800-63-3/sp800-63b.html#memsecret ? I didn't see any reference to it. You might want to check it out and reference it. Maarten On 06-12-18 20:34, Chris Koerner wrote: The Wikimedia Foundation security team is implementing a new password policy and requirements. [0] You can learn more about the project on MediaWiki.org. [1] These new requirements will apply to new accounts and privileged accounts. New accounts will be required to create a password with a minimum length of 8 characters. Privileged accounts will be prompted to update their password to one that is at least 10 characters in length. These changes are planned to be in effect on December 13th. If you think your work or tools will be affected by this change, please let us know on the talk page. [2] [0] https://meta.wikimedia.org/wiki/Password_policy [1] https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Password_strengthening_2019 [2] https://www.mediawiki.org/wiki/Talk:Wikimedia_Security_Team/Password_strengthening_2019 Yours, Chris Koerner Community Relations Specialist Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
[Wikitech-l] New Wikimedia password policy and requirements
The Wikimedia Foundation security team is implementing a new password policy and requirements. [0] You can learn more about the project on MediaWiki.org. [1] These new requirements will apply to new accounts and privileged accounts. New accounts will be required to create a password with a minimum length of 8 characters. Privileged accounts will be prompted to update their password to one that is at least 10 characters in length. These changes are planned to be in effect on December 13th. If you think your work or tools will be affected by this change, please let us know on the talk page. [2] [0] https://meta.wikimedia.org/wiki/Password_policy [1] https://www.mediawiki.org/wiki/Wikimedia_Security_Team/Password_strengthening_2019 [2] https://www.mediawiki.org/wiki/Talk:Wikimedia_Security_Team/Password_strengthening_2019 Yours, Chris Koerner Community Relations Specialist Wikimedia Foundation ___ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l