> > Ok, your reply makes a lot of sense. However problem is that how users > get more "hats" they are usually more afraid of loosing them :-) and > would probably like to have an option to protect from attackers (I > don't really know but I hope that people with some extra flags are > trying to have a secure password at least).
Not a bad aim - I didn't intend to be outright discouraging :) > The account is getting > more valuable and for example account of some stewards might be a good > target for hackers. Yes; Steward accounts are a whole different matter - I'd say they have a much higher level of risk if compromised. > The question is how these people can defend > themselves when the philosophy is "we don't need strong security > because user accounts aren't valuable / can't do much damange to site" > - when their account is compromised, they will surely have the flags > revoked permanently, that's likely not what they want. So at some > point, having more security measures which could be opt-in for people > who do care about their account, in opposite of people whom account > isn't interesting for hackers would make some point too. Given that > there are thousands of sysops on big projects, I guess they would > welcome to have this feature. (Not that I care, personally, I was just > interested in implementing that to mediawiki) As above; not a bad aim. One good idea would be to enforce some sort of minimum password standard - that can help with brute force attack vectors. Tom _______________________________________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l