Community Wishlist Survey 2017/Miscellaneous/Different password for changing email

From Meta, a Wikimedia project coordination wiki

Different password for changing email

  • Problem:

Two-step login has its own problem such as

  • difficulty to log in when you don't have access to your phone or key generator.
  • some gadgets such as AWB and HUGGLE doesn't support it

so some users do not migrate to two-step login, on another hand we afraid of hacking our user account. In my opinion, If some one's account is hacked the hacker shouldn't simply change email. if changing email at user preference has separated password it will help the user to reset his/her account by the email.

  • Who would benefit:

The hacked user account can be restored by the email which has other password and the hacker doesn't have access to changing the email.

  • Proposed solution:

Define a different password for changing the email to make hard the hacking process of an account.

  • More comments:
  • Phabricator tickets:

Discussion[edit]

@Yamaha5: Are you aware of any websites with a log-in that offer such an option, and could you please name one? I can see that w:Multi-factor authentication can be cumbersome sometimes (and so can be entering a password in general but safety and security comes with some costs). However I don't see yet why having to remember two passwords instead of one would be a better solution. --AKlapper (WMF) (talk) 20:54, 8 November 2017 (UTC)[reply]

@AKlapper (WMF): my bank's website after inputting the first password asks some question which is two-step password without a key generator. as I said Two-step password with a key generator has its own difficulty. you can check the statistics which shows how many percentages of the users migrated to it. finally, we have many users which aren't migrated to two-step password and we should concern their security and we can't force them.Yamaha5 (talk) 21:14, 8 November 2017 (UTC)[reply]
@MaxSem:: mw:Manual:Bot passwords is useful for huggle but for AWB I can't use it also I want to secure my account if it is hacked I can restore the password by email. now hackers after hacking the account at the first they change the email! Yamaha5 (talk) 21:17, 8 November 2017 (UTC)[reply]
@AKlapper (WMF): Now w:Multi-factor authentication is only active for sysop's and non-sysop users can't use it Yamaha5 (talk) 10:52, 10 November 2017 (UTC)[reply]
@Yamaha5: actually some usergroups other than sysops are allowed to use it, just thought I correct that statement. Zppix (talk) 17:30, 12 November 2017 (UTC)[reply]
@Zppix: thank you for your correction. please mention which groups have this access? Yamaha5 (talk) 17:32, 12 November 2017 (UTC)[reply]
@Yamaha5: Administrators, Bureaucrats, Oversighters, Central notice administrators, Global renamers, WMF Office IT, WMF Support and Safety Zppix (talk) 17:53, 12 November 2017 (UTC)[reply]
most of them have sysop rights and are upper level than sysopsYamaha5 (talk) 18:09, 12 November 2017 (UTC)[reply]
Community Wishlist Survey 2017/Miscellaneous/2 factor authentication for all seems like a better place to direct efforts to. --Tgr (WMF) (talk) 23:14, 19 November 2017 (UTC)[reply]

A different password does little to do hacking harder; also, if someone hacks your account it does not make too much difference (wrt the amount of damage they can do) whether they can change your email address or not. And as long as it happens rarely, we can just rely on manual recovery. --Tgr (WMF) (talk) 23:09, 19 November 2017 (UTC)[reply]

I'm of the opinion that multiple different passwords for different things would be too confusing to most users. BWolff (WMF) (talk) 22:53, 28 November 2017 (UTC)[reply]

Voting[edit]