Password policy

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search
Translate this page; This page contains changes which are not marked for translation.

Other languages:
Deutsch • ‎English • ‎bosanski • ‎català • ‎dansk • ‎español • ‎français • ‎italiano • ‎polski • ‎português do Brasil • ‎română • ‎suomi • ‎čeština • ‎български • ‎русский • ‎العربية • ‎سنڌي • ‎مصرى • ‎हिन्दी • ‎ಕನ್ನಡ • ‎ไทย • ‎中文

Overview[edit]

Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorised access to your account. This can have a cascading effect which could jeopardize the security and privacy of other contributors. A strong password not only protects the individual, but the projects and the movement as a whole.

Purpose[edit]

The purpose of this policy is to establish and document password requirements for users of Wikimedia wikis.

Scope[edit]

The scope of this policy includes anyone who has registered an account on a Wikimedia wiki.

Policy[edit]

Password requirements are defined for both regular users and privileged users. These requirements may be changed or expanded in the future to further enhance security.

  1. Password requirements for regular users:
    1. Must be at least 8 characters
    2. Must not be in the 100,000 most popular passwords (as defined by the Password Blacklist library)
    3. Must not be the same as the username
  2. Password requirements for privileged users:
    1. Must be at least 10 characters
    2. Must not be in the 100,000 most popular passwords (as defined by the Password Blacklist library)
    3. Must not be the same as the username

Compliance[edit]

The security team will conduct activities including, but not limited to: auditing accounts, dictionary attacks against user passwords, and user surveys.

Password changes may be required for all users by the Wikimedia Security Team in case of a security incident.

Exceptions[edit]

For exceptions to this policy contact security(at)wikimedia.org

Related policies and documentation[edit]

Definitions[edit]

fishbowl – A fishbowl wiki is a wiki which everyone can read, but only some people (with accounts) may edit.

normal user – A user account on a wiki not a member of any groups that is considered privileged.

private – A private wiki is a wiki where read and write access is restricted to people who have accounts.

privileged user – A privileged user is one who is in a group such as (but not limited to): Global and local Administrators (sysop), Bureaucrat, Oversight, Check User, Founder, Global Interface Editors, Ombudsmen, Staff, Stewards, Central Notice Administrators, and System Administrators. Other groups identified by the Security Team at the Wikimedia Foundation may be considered “privileged” but not listed above. All users on private and fishbowl wikis are considered privileged.