Don't leave your fly open

From Meta, a Wikimedia project coordination wiki

Hierdie is 'n opstel. Dit gee die mening en idees van enkele gebruikers op Meta-Wiki weer, maar word waarskynlik nie deur almal ondersteun nie. Dit is ook nie 'n amptelike beleid of riglyn op Meta-Wiki nie, maar dit mag wel een op ander Wikimedia-projekte wees. Voel asseblief vry om hierdie bladsy soos nodig by te werk, of gebruik die kletsblad om groot wysigings voor te stel. هذه نصيحة. تعبر عن آراء وأفكار بعض مستخدمي ميتا-ويكي لكن قد لا تكون مدعومة على نطاق واسع. هذه ليست سياسة على ميتا-ويكي، لكنها قد تكون سياسة أو إرشاد في مشاريع ويكيميديا آخرى. لا تتردد في تحديث هذه الصفحة عن الحاجة، أو استخدم صفحة النقاش للتعديلات الجوهرية. Ovo je esej. Sadrži misli i ideje nekih korisnika Meta-Wikija, ali ne mora nužno da bude široko prihvaćen. Ovo nije pravilo na Meta-Wikiju, ali može da budi pravilo ili uputa na drugim projektima Wikipedije. Slobodno promijenite ovu stranu po potrebi ili koristite stranu za razgovor za veće promjene. Açò és un assaig. Expressa les opinions i idees d'alguns usuaris de Wikimedia o del Meta-Wiki però pot ser que no tingui un ampli suport. Això no és una política del Meta-Wiki, però pot ser política o guia d'estil en algun altre projecte Wikimedia. Sentiu-vos lliures d'actualitzar aquesta pàgina quan faci falta o utilitzeu la pàgina de discussió per a proposar-hi canvis d'importància. Dette er et essay. Det udtrykker visse Wikimedia- eller Meta-Wiki-brugeres holdninger og idéer, som ikke nødvendigvis deles af et flertal. Dette udgør ikke en politik på Meta-Wikien, men det kan være en politik eller et regelsæt på et andet Wikimedia-projekt. Du er velkommen til at ændre denne side efter behov, eller til at foreslå større ændringer på diskussionssiden. Dies ist ein Essay. Er drückt die Meinungen und Ideen einiger Meta-Wiki-Benutzer aus und wird eventuell nur von wenigen Benutzern unterstützt. Dies ist keine Richtlinie aus dem Meta-Wiki, kann aber Richtlinie oder Leitsatz in anderen Wikimedia-Projekten sein. Tu dir keinen Zwang an und aktualisiere diese Seite falls nötig, oder benutze die Diskussionsseite, um größere Veränderungen vorzuschlagen. This is an essay. It expresses the opinions and ideas of some wikimedians or Meta-Wiki users but may not have wide support. This is not policy on the Meta-Wiki, but it may be policy or guideline on other Wikimedia projects. Feel free to update this page as needed, or use the discussion page to propose major changes. Esto es un ensayo. Este texto expresa opiniones e ideas de algunos usuarios pero éstas no tienen un amplio consenso. Esto no es una política de Meta pero sí puede serlo en otros proyectos. Sea usted libre de actualizar esta página o use su página de discusión para proponer cambios mayores. Jen eseo. Ĝi esprimas la opiniojn kaj ideojn de iuj Vikipediistoj aŭ uzantoj de Meta-Wiki, sed eble ne havus vastan subtenon. Ĝi ne estas la regularo de Meta-Wiki, sed ĝi eble estas regularo en aliaj projektoj de Wikipedia. Laŭvole ĝisdatigu ĉi tiun paĝon laŭ bezono, aŭ uzu la diskuto-paĝon por proponi grandajn ŝanĝojn. این صفحه یک انشا است. این صفحه نظر و ایدهٔ برخی از کاربران فراویکی را بیان می‌کند اما ممکن است از حمایت گسترده‌ای برخوردار نباشد. این صفحه یک سیاست در فراویکی نیست، اما ممکن است سیاست یا رهنمودی در دیگر پروژه‌های ویکی‌مدیا باشد. آزادانه آن را به روز کنید، و برای تغییرهای بزرگ از صفحهٔ بحث استفاده کنید. Tämä on essee. Se ilmaisee joidenkin wikimedialaisten tai Meta-Wikin käyttäjien mielipiteitä tai ajatuksia, mutta sillä ei välttämättä ole laajaa kannatusta. Tämä ei ole Meta-Wikin käytäntö, mutta saattaa olla käytäntö tai ohje muissa Wikimedia-hankkeissa. Päivitä tätä sivua tarpeen mukaan tai ehdota isoja muutoksia keskustelusivulla. Ceci est un essai. Il exprime les opinions et les idées de certains contributeurs de Meta-Wiki, mais peut ne pas renconter le soutien des autres. Il n'est ni une règle ou une recommandation sur Meta-Wiki, mais peut l'être sur d'autres projets Wikimédia. N'hésitez pas à modifier cette page si besoin est, ou à proposer des changements majeurs sur la la page de discussion. Dit is in essay. It jout mieningen en ideeën wer fan guon meidoggers op Meta-Wiki, mar it is net sein dat eltsenien it der mei iens is. Dit is ek gjin offisjeel belied of rjochtline op Meta-Wiki, al kin dat wol sa wêze op oare Wikimedia-projekten. Fiel jo frij om dizze side wêr't dat nedich is bij te wurkjen of om grutte wizigings út te stellen op de oerlisside. עברית: דף זה הוא מאמר. הדף מבטא את הדעות והרעיונות של חלק מהמשתמשים במיזמי קרן ויקימדיה או במטא־ויקי, אך ייתכן שאין להם תמיכה נרחבת. דף זה הוא לא דף מדיניות במטא־ויקי, אך ייתכן שהוא דף מדיניות או דף הנחיות במיזמי ויקימדיה אחרים. הרגישו חופשיים לעדכן את הדף לפי הצורך, או השתמשו בדף השיחה להצעת שינויים משמעותיים. Ovo je esej. Sadrži mišljenja i ideje nekih korisnika Meta-Wikija, ali ne mora nužno biti široko prihvaćen. Ovo nije pravilo na Meta-Wikiju, ali može biti pravilo ili uputa na drugim Wikimedijinim projektima. Slobodno promijenite ovu stranicu po potrebi ili koristite stranicu za razgovor za predlaganje većih promjena. Ez egy esszé. Néhány Wikimédia- vagy Meta-Wiki-felhasználó véleményét fejezi ki, de lehet, hogy nem kapott széles körű támogatást. Nem irányelv a Meta-Wikin, de irányelv vagy útmutató lehet más Wikimédia-projektekben. Szabadon frissítheted ezt a lapot, ha szükséges, vagy használd a vitalapot, ha nagyobb változtatást szeretnél javasolni. Isto es un essayo. Illo exprime le opiniones e ideas de alcun wikimedianos o usatores de Meta-Wiki, ma pote non esser appoiate per le consenso general. Isto non es un politica del Meta-Wiki, ma pote esser un politica o directiva in altere projectos de Wikimedia. Sia libere de actualisar iste pagina in caso de necessitate, o usa le pagina de discussion pro proponer major alterationes. Ini adalah sebuah esai. Esai ini menyatakan pendapat dan gagasan dari beberapa Wikimediawan atau pengguna Meta-Wiki dan mungkin tidak didukung oleh komunitas secara meluas. Esai ini bukan kebijakan Meta-Wiki, tapi mungkin saja merupakan kebijakan atau pedoman di proyek-proyek Wikimedia lainnya. Silakan memperbarui halaman ini seperlunya, atau gunakan halaman pembicaraan untuk mengusulkan perubahan besar. Questo è un saggio. Esprime le opinioni e le idee di alcuni contributori di Meta-Wiki, ma può non incontrare il sostegno di altri. Non è una raccomandazione o una linea guida su Meta-Wiki, ma lo potrebbe essere su altri progetti Wikimedia. Non esitate a modificare questa pagina se occorre, o a proporre modifiche rilevanti nella sua pagina di discussione. この記事はエッセイです。何人かのメタウィキの利用者の意見と考えを表していますが、幅広い支持を得ているとは限りません。メタウィキの方針ではありませんが、他のウィキメディア・プロジェクトの方針かガイドラインであるかもしれません。必要に応じてこのページを遠慮なく編集し、大きな変更の提案にはこの記事のノートを使用してください。 이 문서는 수필입니다. 이것은 일부 사용자의 의견을 나타낸 것으로, 총의를 얻지 않았을 수 있습니다. 이 문서는 메타위키 정책은 아니지만, 다른 위키미디어 프로젝트에서 정책이나 지침으로 사용하고 있을 수도 있습니다. 이 문서를 편집하거나 주요 내용을 바꿔야 한다면 토론 문서를 이용해 주세요. Ова е есеј. Во него е искажано мислењето и идеите на извесни викимедијанци или корисници на Мета-Вики, но не значи дека тоа ужива широка поддршка. Ова не претставува правило на Мета-Вики, но може да виде правило или напатствие на други проекти на Викимедија. Најслободно менувајте ја страницава, или пак користете ја страницата за разговор ако сакате да предложите некои поголеми промени. हा एक निबंध आहे. यामध्ये काही विकिपीडिया सदस्यांची किंवा मेटा-विकि सदस्यांची मते आणि कल्पना मांडण्यात आल्या आहेत. त्यांना बहुतांशांचा पाठिंबा असेलच असे नाही. हा निबंध मेटा-विकिवरील धोरण मांडत नाही, पण इतर काही विकिमीडिया प्रकल्पांमध्ये हा निबंध धोरण किंवा मार्गदर्शक तत्व म्हणून वापरला जात असणे शक्य आहे. आवश्यक असेल तेव्हा विनासंकोच हे पान संपादित करा किंवा काही मोठे बदल सुचविण्यासाठी चर्चा पानाचा उपयोग करा. Ini adalah sebuah karangan. Ia menyatakan pendapat serta buah fikiran sesetengah ahli wikimedia atau pengguna Meta-Wiki tetapi tidak semestinya mempunyai sokongan yang meluas. Ini bukannya polisi di Meta-Wiki, tetapi ia mungkin merupakan polisi atau garis panduan di projek-projek Wikimedia lain. Silakan mengemaskini laman ini jika perlu, atau gunakan laman perbincangannya untuk mengusulkan perubahan-perubahan yang besar. Dit is een essay. Het geeft de meningen en ideeën van enkele gebruikers op Meta-Wiki weer, maar wordt waarschijnlijk niet door iedereen gesteund. Dit is ook geen officieel beleid of richtlijn op Meta-Wiki, maar dat kan het wel zijn op andere Wikimedia-projecten. Voel u vrij om deze pagina als nodig bij te werken, of om de overlegpagina te gebruiken om grote wijzigingen voor te stellen. Aquò es una redaccion. Exprimís las opinions e las idèas d'unes contributors de MetaWiki, mas pòt rencontrar pas lo sosten dels autres. Es pas una règla o una recomandacion sus MetaWiki, mas o pòt èsser sus d'autres projèctes Wikimèdia. Esitetz pas a modificar aquesta pagina se fa mestièr, o a prepausar de cambiaments màgers sus la la pagina de discussion. Ten artykuł jest esejem. Wyrażone są w nim opinie i pomysły niektórych wikimedian lub użytkowników Meta-Wiki, ale niekoniecznie mają szersze poparcie. Nie jest to zasada obowiązująca na Meta-Wiki, ale może to być zasada lub zalecenie na innych projektach Wikimediów. Możesz aktualizować tę stronę w razie potrzeby lub skorzystaj ze strony dyskusji artykułu aby zaproponować większe zmiany. Isto é um ensaio. Ele expressa as opiniões e idéias de vários wikimedianos ou usuários do Meta-Wiki mas pode não ter grande respaldo. Isto não é uma política no Meta-Wiki, mas pode ser uma política ou orientação em outros projetos da Wikimedia. Sinta-se livre para atualizar esta página quando necessário, ou use a página de discussão para propor alterações maiores. Acesta este un eseu. Aici sînt exprimate opiniile şi ideile unor utilizatori de pe Meta-Wiki, dar este posibil să nu aibă accepţiune majoritară. Aceasta nu are titlu de politică pe Meta-Wiki, dar poate fi politică sau ghid de reguli pe alte proiecte ale Wikipediei. Poţi să îmbunătăţeşti această pagină după cum crezi adecvat, sau să foloseşti pagina de discuţie pentru a propune schimbări majore. Это эссе. Оно выражает мнения и идеи некоторых пользователей Мета-вики, но может не пользоваться широкой поддержкой. Эссе не является правилом Мета-вики, но, вероятно, может быть правилом или руководством в других проектах Викимедиа. Вы можете обновлять эту страницу как считаете нужным или воспользоваться страницей обсуждения, чтобы предложить масштабные изменения. Ово је есеј. Садржи мисли и идеје неких корисника Мета-Викија, али не мора да буде широко прихваћен. Ово није правило на Мета-Викију, али може да буде правило или упутство на другим пројектима Викимедије. Не устручавајте се да промените ову страну по потреби или користите страну за разговор да бисте предложили веће промене. Den här sidan är en essä. Den är inte en av Wikimedias policys eller riktlinjer, och återspeglar kanske endast författarnas åsikter. Uppdatera sidan om det behövs eller diskutera innehållet på diskussionssidan. หน้านี้เป็นข้อเขียน แสดงถึงความคิดหรือไอเดียของผู้ใช้วิกิมีเดียหรือเมต้าวิกิบางคนซึ่งอาจจะยังไม่ได้รับการสนับสนุนกว้างอย่างขวางนัก นี่ไม่ใช่นโยบายบนเมต้าวิกิ, แต่อาจเป็นนโยบายหรือแนวทางของโครงการอื่น ๆ ของวิกิมีเดีย อย่ากังวลในการแก้ไขหน้านี้ตามที่คุณต้องการ หรือใช้หน้าอภิปรายในการเสนอการเปลี่ยนแปลงใหญ่ ๆ Đây là một bài luận. Nó thể hiện ý kiến và ý tưởng của một số thành viên Wikimedia hoặc Meta-Wiki và có thể không được đồng tình một cách rộng rãi. Đây không phải là quy định tại Meta-Wiki, nhưng nó có thể là quy định hoặc hướng dẫn tại các dự án khác của Wikimedia. Xin hãy thoải mái cập nhật trang này nếu cần, hoặc sử dụng trang thảo luận để đề xuất những thay đổi lớn. 这是一篇论述。它只表达了部分维基人或元维基使用者的意见及观点，此等观点可能未获得广泛支持。这不是元维基的政策，但可能是属于其他维基计划的政策或指引。如有需要，欢迎更新本页面，或在讨论页提出修改的建议。 这是一篇论述。它只表达了部分维基人或元维基使用者的意见及观点，此等观点可能未获得广泛支持。这不是元维基的政策，但可能是属于其他维基计划的政策或指引。如有需要，欢迎更新本页面，或在讨论页提出修改的建议。 這是一篇論述. 它只表達了部分維基人或元維基使用者的意見及觀點，此等觀點可能未獲得廣泛支持。 這不是元維基的政策，但可能是屬於其他維基計劃的政策或指引。如有需要，歡迎更新本頁面，或在討論頁提出修改的建議。 [translate]

Security is a big concern for Wikimedia projects, and there are several mechanisms in place to tighten this security, but the number one deterrent of account hijacking is you. Failing to protect yourself online, such as by choosing a weak password that is easy to guess, such as "1234" or "password", is simply asking for trouble – just like walking around with your fly open. We recommend that you avoid getting caught with your fly open, by choosing a strong password and taking steps to prevent your account from being hijacked. This essay is meant to highlight some of the simple, easy-to-do, and common-sense things that everyone can do to have greater security, but is by no means a complete guide to network or Internet security.

[edit] How to choose a strong password

• Longer passwords are better: a minimum of eight alphanumeric characters is usually suggested, with mixed cases in the alphabetic characters.
• Do not use birth dates, family names, phone/social security/passport/id numbers, or any other information tied personally to you or someone you know.
• Do not use words that may appear in any dictionary (e.g., no foreign words either).
• Use nonsensical strings of characters (e.g., not dictionary words) and ideally randomly chosen ones only. Use a mnemonic if necessary; for example, "My First Cousin Al lives in Denver" is an aid to remember "M1CA11inD" (note the use of 1 instead of L). However, this specific character string is not suited as a password -- but see below.
• Do not use a password that has been used as an example of a good one (like "M1CA11inD", which appears above).
• Use spaces, punctuation, special characters or symbols, such as =, #, /, or ©. These are permitted in all Wikimedia log-ins.
• See password strength for explanations and more tips.

Our system allows you to use a passphrase rather than just a single word. If your password is long enough you can ignore many of the common tips like avoiding dictionary words. For example "twig let iffy date ron carl" is a password which is very strong even though it contains dictionary words. NB: Phrases from quotation collections are just as bad as dictionary words -- they have been published and can be tried one after another. Gaul is divided into three parts, I came - I saw - I conquered, You too, Brutus? are three bad examples with connections to Julius Caesar. Many other examples should come to easily to mind, and if they do will be bad choices as well.

[edit] How to prevent account hijacking

In addition to selecting a strong password, there are many precautions you should take to prevent your account from becoming hijacked.

[edit] Editing from public computers

As a general rule of thumb, you should never edit from a public computer, such as those in libraries or schools. If you feel that you absolutely must log-in to your Wikimedia account, please be sure to abide by the following:

• Create a separate account for use on public computers, or just edit without logging in. This account should have a password and e-mail that is distinct from your main account, and you should place a notice on the account's userpage indicating that it is your alternate account.
• You should never log into an account with Sysop, CheckUser, Oversight, or other privileges on a public computer.
• Be sure to log out when you are finished, and also make sure you clear the cookie files and the local cache files on that machine. Note that many browsers can save the answers to forms you fill out (including your login form); if the one you used was set to do so, be certain to tell the browser to forget any that it has collected. Browsers vary in their arrangements for these conveniences, and have changed them between released versions, so care is required.
• Beware of shoulder surfers when logging in.

[edit] Good home computer hygiene

Additionally, there are many steps that should be taken to ensure "good computer hygiene" at home, namely:

• Protect your own computer operating system log-in account with a password, and set it up to automatically log-off after a brief period of inactivity, if possible.
• Do not use toolbars or Browser Helper Objects (BHOs) supplied by untrustable third parties. Use cautious settings for such software even from typically trusted vendors, such as Google, Yahoo, Microsoft, or Symantec, if you must use such add-ons.
• If your browser is set to remember your login/password for Web sites, make sure the browser's password manager has a strong master password (Firefox users have this ability), or clear the password memory before shutting down. Preferably, no software on your computer should store any password, but if you must, your browser should be set to use your operating system's password manager, which should also have a strong password and use strong encryption. For more on password managers, see w:Password manager.
• Avoid writing your password or username down, but if you must, never do so within reach of your computer's location(s). And do not keep passwords in a human readable computer file on the machine.
• Do not use the same password on different websites. In particular, do not use your wiki password for mailing lists or IRC channels, as these tend to be far less secure than the Internet as a whole.
• Install, and maintain, a good, well known anti-virus program such as Norton Internet Security, McAfee Security Center, or AVG Antivirus, for Windows systems. Linux systems are far less afflicted with malware such as viruses or Trojans. Also get and install a reputable firewall. On Windows, Zone Alarm, McAfee, and Symantec are well known. On Linux systems, the firewall included in the kernel in all recent releases is satisfactory. All must be sensibly configured, else none will be effective. There are many other options, including hardware firewalls such as in routers. All these must be sensibly configured as well. Consult a knowledgeable system administrator, PC repair professional, or retail salesperson in your area for more advice and information. There is much confusion around these matters, so caution is necessary, as some will claim knowledge beyond their competence; such advice is not likely to be actually useful.

[edit] Beware of phishermen

Phishing is a method of account hijacking that is becoming increasingly more common. It involves the use of e-mails and web pages designed to fool users into thinking that information is requested from them by an authority they trust. An example of a phishing attempt would be a page that looks exactly like the Wikipedia log-in page, but when you click "submit" you send your username and password not to Wikimedia's servers, but to a phisherman's inbox. Here are a few steps you can take to help protect yourself from phishing:

• Always double-check the URL on any page on which you submit a password. For example, if you are logging into the English Wikipedia, you should always ensure that you are currently viewing http://en.wikipedia.org/wiki/Special:Userlogin .
• Be wary even of pages on Wikimedia wikis. As they are all open content, it's not inconceivable that a phishing attempt may appear on, for instance, a Wikipedia page.
• Never give out your password to anyone, even if you are positive that they are employees of the Wikimedia Foundation. No one with the foundation should ever ask for your password or other personal information.
• Use caution when following hyperlinks, especially those found in emails or on untrustworthy websites. If the site is one in which you will enter a password or any other personal information, travel to it using a bookmark or by typing what you know to be the correct URL into the address bar, if possible. Hovering over a link with your mouse and checking at the URL that appears in your status bar offers some protection, but the URL in the status bar can be easily forged, so this method is by no means foolproof. To be sure what site a link is pointing to, check the source code. Finally, some software automatically turns plain text URLs into links for convenience. This allows phishermen to trick people by making a hyperlink to a phishing site that looks like a plain text URL of a trusted site that an application, such as your email program, has made into a hyperlink. Unless the status bar information has been forged, such a link can be identified by hovering your mouse over the link. If you are sure that the URL is correct, you can safely type or paste it into the address bar.
• If you believe your password may have been phished, please attempt to log-in to your account and change your password. If you are unable to log-in, notify a developer, administrator, or other trusted member of your wiki immediately that your account has been compromised. You will not face any repercussions for having your account hijacked, other than a temporary suspension of your account.

[edit] Editing from a Wi-Fi network

Editing from a wireless network makes it much easier to intercept your password if the proper precautions are not taken because all transmissions are broadcast. Therefore, when editing from one of them, use these precautions:

• Make sure that your network is protected by WPA2 or WPA2-PSK using the AES encryption method, or a VPN if possible. If you control the base station hardware, and it does not support WPA2, it should be replaced or upgraded with a firmware that adds support for WPA2.
• If your operating system is Windows XP, get it patched to support WPA2 with this patch from Microsoft. Note that this patch requires Windows XP Service Pack 2. This patch is included with Windows XP Service Pack 3.
• If you cannot replace or upgrade your hardware to support WPA2, use WPA using AES if possible.
• If you are using hardware that cannot be upgraded to support WPA2 or WPA using AES, it should be replaced. There is nothing like having someone use your WLAN to download child porn or perform other illegal activities, having the IP address get traced to you, and getting arrested for someone else's crimes. WEP can often be cracked in under one minute, so it offers practically no protection at all against this scenario. TKIP encryption, which is the default encryption method of WPA, and is WEP reworked to foil all known attacks against WEP at the time it was developed in order to secure legacy hardware that does not support AES, was much stronger until recently, when a team of Japanese cryptanalysts found a way to break it in one minute, making it almost as worthless as WEP.
• If you are using WPA-PSK or WPA2-PSK, make sure that the passphrase on the network is sensible. Weak passwords allow WPA-PSK and WPA2-PSK to fall to dictionary attacks.
• If you must edit using an unencrypted, TKIP-protected, or WEP-protected Wi-Fi network, use the secure server URL for your project. For example, the secure server URL for the English Wikipedia is https://secure.wikimedia.org/wikipedia/en/wiki/.

Essentially, it comes down to care and good sense. Taking simple measures to combat account hijacking will keep you from becoming the next rogue editor and losing your editing and/or sysop privileges for good.

[edit] See also

• Wikipedia:Security