The accounts could be compromised just using a brute force attack which would be running for a long time. Since the user would never know their account is being cracked, they would likely never bother with making their password stronger, nor report it anywhere. If I was an inactive sysop and I received a message that someone had done 500 000 login attempts overnight, I would likely ask some bureaucrat to remove my sysop flag, since I don't even need it.
That's not possible now. Regarding the hacked accounts, there were some in the past; there was evidence of that on the English Wikipedia AFAIK. I still don't see "damage is not so big" as a reason to drop work on improving the security.

On Wed, Apr 4, 2012 at 10:39 AM, Thomas Morton <morton.tho...@googlemail.com> wrote:
>>
>> > Again, just theatrical security. Most people tend to use the same
>> > passwords everywhere; if this was the case for said sysop, their email
>> > is also compromised. Also this would require wikis to have email
>> > sending set up, as well as the user to have confirmed theirs.
>> >
>>
>> That's the problem of the user if they use the same password, but I believe
>> that any users with any sense for security don't do that; sysops could
>> be instructed to use a different password than in their email.
>>
>> >> This would be much simpler and it would actually make hacking
>> >> into sysop accounts much harder.
>> >
>> > Not really, per my point above.
>> >
>>
>> It would, per my point above your point.
>>
>
> The problem here is that it doesn't really discuss how a sysop account has
> been compromised; via the email account? Via some more direct method?
>
> As pointed out it is somewhat security theatre.
>
> Besides; you're looking for a problem to fit the solution. On English
> Wikipedia compromised accounts are, in themselves, rare occurrences. And
> compromised sysop accounts rarer (read; I've never seen one!).
>
> We discussed this at length when implementing the age-desysoping, and
> agreed it wasn't an entirely failsafe method against compromise. But it
> does provide a level of scrutiny to a returning sysop; and really that is
> all that is needed. The amount of damage a compromised sysop account could
> do isn't critical and they can be stopped relatively easily - if they have
> scrutiny.
>
> This is the best form of security.
>
> Tom
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
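The first message above asks for something the thread says does not exist today: a notice to an account holder that their account has seen a burst of failed logins, so that an idle sysop can tighten their password or hand back rights they no longer use. As an added example, not part of the thread and not MediaWiki's own code, here is a small detector over constructed authentication log lines. The line format, the account names IdleSysop and Casual, the addresses and the thresholds are all assumptions made for illustration; it counts failures per account inside a sliding time window, records how many distinct source addresses were involved (a distributed attempt looks different from one stuck client), and returns the accounts whose owners should be told.

```python
"""Flag accounts under sustained failed-login pressure.

Added example, not MediaWiki code. The log line format below is an
assumption for illustration; real MediaWiki authentication logs differ.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed (constructed) format: one failed login per line.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) login-fail "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_failures(lines):
    """Yield (timestamp, user, ip) for well-formed lines; skip anything else."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"), m["user"], m["ip"]


def summarize_failures(lines, window=timedelta(hours=1)):
    """Per user: total failures, distinct source IPs, and the peak number of
    failures that fall inside any sliding window of the given length."""
    events = sorted(parse_failures(lines))          # chronological order
    per_user = defaultdict(lambda: {"failures": 0, "ips": set(), "peak": 0})
    recent = defaultdict(deque)                     # user -> timestamps in window
    for ts, user, ip in events:
        stats = per_user[user]
        stats["failures"] += 1
        stats["ips"].add(ip)
        q = recent[user]
        q.append(ts)
        while ts - q[0] > window:                   # drop events older than window
            q.popleft()
        stats["peak"] = max(stats["peak"], len(q))
    return {
        u: {"failures": s["failures"], "distinct_ips": len(s["ips"]), "peak": s["peak"]}
        for u, s in per_user.items()
    }


def accounts_to_notify(lines, threshold=50, window=timedelta(hours=1)):
    """Accounts whose peak failure count in one window meets the threshold.

    This is the list whose owners should get the 'someone is hammering your
    login' message; an idle sysop on it can then ask for the flag to be removed."""
    summary = summarize_failures(lines, window)
    return sorted(u for u, s in summary.items() if s["peak"] >= threshold)


def constructed_log():
    """Constructed sample: an overnight burst against one idle sysop account
    from three addresses, plus two ordinary typos from another user and one
    unrelated line that the parser must ignore."""
    start = datetime(2012, 4, 4, 1, 0, 0)
    ips = ["198.51.100.7", "198.51.100.8", "203.0.113.5"]
    lines = []
    for i in range(120):                            # one failure every 30 s for an hour
        ts = start + timedelta(seconds=30 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} login-fail user=IdleSysop ip={ips[i % 3]}")
    lines.append("2012-04-04 09:15:02 login-fail user=Casual ip=192.0.2.44")
    lines.append("2012-04-04 09:15:40 login-fail user=Casual ip=192.0.2.44")
    lines.append("2012-04-04 09:16:00 some unrelated log line")
    return lines


if __name__ == "__main__":
    log = constructed_log()
    for user, stats in summarize_failures(log).items():
        print(user, stats)
    print("notify:", accounts_to_notify(log))
```

The threshold is deliberately per-account rather than per-IP: the attacker in the first message spreads attempts over a long time and, realistically, over several addresses, so a per-IP rate limit alone would not tell the account owner anything. In a real deployment the same counts would also drive a lockout or a CAPTCHA, but the point of this example is the notice itself.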