Requests for comment/Password policy for users with certain advanced permissions/support

From Meta, a Wikimedia project coordination wiki
Jump to navigation Jump to search

People in favor of Requests for comment/Password policy for users with certain advanced permissions:

  1. Symbol strong support vote.svg Strong support Their accounts being compromised will end up with the project vandalized --Skupsum (talk) 14:17, 11 January 2016 (UTC)
  2. Esquilo (talk) 09:01, 21 December 2015 (UTC) Provided that CrackLib or any other qualified method is used to ensure password strength rather than stupid, rigid rules based on password length and usages of digits, capitals etc.
  3. --Steinsplitter (talk) 10:57, 13 December 2015 (UTC)
  4. --Geraki TL 11:09, 13 December 2015 (UTC)
  5. --Ochilov (talk) 11:42, 13 December 2015 (UTC)
  6. TheDJ (talkcontribs) 12:05, 13 December 2015 (UTC)
  7. MarcoAurelio 14:47, 13 December 2015 (UTC)
  8. It may indeed sound as a message of distrust, but so far no one checked whether accounts with advanced permissions indeed have strong passwords — NickK (talk) 14:57, 13 December 2015 (UTC)
  9. Helder 16:57, 13 December 2015 (UTC)
  10. Krenair (talkcontribs) 17:55, 13 December 2015 (UTC)
  11. LFaraone (talk) 18:55, 13 December 2015 (UTC)
  12. It may be worthwhile to implement this on all accounts on private wikis too. --Rschen7754 19:31, 13 December 2015 (UTC)
  13. Antero de Quintal (talk) 20:23, 13 December 2015 (UTC)
  14. I also agree that we need to add some password policies to all accounts, not just admins and functionaries. Reguyla (talk) 20:25, 13 December 2015 (UTC)
  15. Those proposed criteria for passwords have been like an unwritten rule for me anyway.--Snaevar (talk) 22:56, 13 December 2015 (UTC)
  16. --Tgr (talk) 23:03, 13 December 2015 (UTC)
  17. Platonides (talk) 23:20, 13 December 2015 (UTC)
  18. --Malatinszky (talk) 23:59, 13 December 2015 (UTC)
  19. Callanecc (talk) 00:16, 14 December 2015 (UTC)
  20. -- Mlpearc (open channel) 00:43, 14 December 2015 (UTC)
  21. Mike VTalk 01:04, 14 December 2015 (UTC)
  22. For all users, not just those with advanced permissions. Ansh666 (talk) 02:33, 14 December 2015 (UTC)
  23. — JJMC89(T·C) 03:05, 14 December 2015 (UTC)
  24. --Lsanabria (talk) 03:58, 14 December 2015 (UTC)
  25. Absolutely. James F. (talk) 05:06, 14 December 2015 (UTC)
  26. I can't imagine using a password for any site that doesn't meet this requirement, and this is only one step that I'd encourage all users with administrator or higher access level to take to maintain security of their account. Risker (talk) 05:12, 14 December 2015 (UTC)
  27. --Krd 06:15, 14 December 2015 (UTC) Recently proven to be necessary. Should be required for all users.
  28. --β16 - (talk) 08:49, 14 December 2015 (UTC)
  29. --Grüße vom Sänger ♫(Reden) 10:47, 14 December 2015 (UTC) For me it's a nobrainer, that people with a certain level of access to trusted information should have secure passwords
  30. MER-C (talk) 11:04, 14 December 2015 (UTC)
  31. עוד מישהו Od Mishehu 13:38, 14 December 2015 (UTC)
  32. --RexxS (talk) 15:12, 14 December 2015 (UTC)
  33. Julle (talk) 15:51, 14 December 2015 (UTC) When I support someone's request for adminship or other rights, I trust their ability to handle those tools and behave according to Wikimedia social norms and expectations. I don't ask if they've got basic knowledge about computer security. We can't expect everyone will have. This doesn't mean they're not trustworthy, it simply means they've never been taught basic steps to keep their accounts safe.
  34. As a simple security measure to keep advanced permissions away from people with ill intent. Explicily oppose doing this for all users. Wikimedia projects should be easy to access and edit, this is only to prevent harm caused by compromised accounts with advanced permisssions. Beeblebrox (talk) 16:16, 14 December 2015 (UTC)
  35. Absolutely. wctaiwan (talk) 17:56, 14 December 2015 (UTC)
  36. APerson (talk) 18:29, 14 December 2015 (UTC)
  37. Absolutely for advanced user rights. These accounts can do a lot of damage if compromised. However, I strongly oppose imposing the requirements on all accounts. One of the big issues facing us is lack of new editors. We want to keep the bar low. Also, why on earth go to the trouble to steal a vanilla autoconfirmed account. Just create an account, fix 10 typos and wait 4 days. Happysquirrel (talk) 19:39, 14 December 2015 (UTC)
  38. After the account compromise over at EN.WP admins etc need to have better passwords, The only thing I oppose is making this a thing for all users as it wouldn't really benefit us non admins. –Davey2010Talk 00:56, 15 December 2015 (UTC)
  39. ⋙–Berean–Hunter—► ((⊕)) 02:07, 15 December 2015 (UTC)
  40. Teles «Talk to me ˱C L @ S˲» 03:35, 15 December 2015 (UTC) A simple measure with no harm for users. We shouldn't be so naive for believing that every sysop on every Wiki will care about their account security. Let's not be so passional about that and acknowledge that not everyone care about it but should and it isn't understandable to be so worried about requiring security measures from users with higher access. We are not dealing with readers and new editors; sysops can easily deal with any possible harm that comes from this. Those that already care won't be affected.
  41. -Grind24 (talk) 04:23, 15 December 2015 (UTC)
  42. WormTT 08:38, 15 December 2015 (UTC)
  43. --Atsme📞📧 18:49, 15 December 2015 (UTC)
  44. Kharkiv07 (T) 22:33, 15 December 2015 (UTC)
  45. Alan (talk) 00:00, 16 December 2015 (UTC)
  46. Johnuniq (talk) 03:53, 16 December 2015 (UTC)
  47. --L736E (talk) 23:03, 17 December 2015 (UTC)
  48. Ruy Pugliesi 03:51, 21 December 2015 (UTC) Accounts with advanced permisssions can cause a lot of damage if compromised. May it sound as a message of distrust? Yes, maybe. However, I believe it is essential to prioritise security measures.
  49. MisterSynergy (talk) 07:39, 21 December 2015 (UTC)
  50. --YMS (talk) 08:03, 21 December 2015 (UTC) Good measure to protect our wikis; also it's good that no "advanced" requirements like "has to have at least two special characters and one number" are to be forced.
  51. --PeeCee (talk) 08:05, 21 December 2015 (UTC) Being a PenTester i know how easy it would be to exploit weak passwords. --PeeCee (talk) 08:05, 21 December 2015 (UTC)
  52. --Windharp (talk) 08:23, 21 December 2015 (UTC) - That is not a question about trust/distrust but about reducing the risk of password hacking attempts.
  53. --Martinvl Although I trust 99% of the privileged users not to abuse their privileges, I do not trust 100% of them. I also do not know which 1% I should distrust. The weak link in Wikimedia's security system is a disgruntled employee which is why privileged users need secure passwords. Martinvl (talk) 08:27, 21 December 2015 (UTC)
  54. --Klaus Eifert (talk) 08:30, 21 December 2015 (UTC)
  55. --Sfic (talk) 08:35, 21 December 2015 (UTC)
  56. --sasha (krassotkin) 08:38, 21 December 2015 (UTC)
  57. --Edoderoo (talk) 08:41, 21 December 2015 (UTC) Sure, I would force 2-pass for certain positions once it is available. For regular users (non-sysops), a one-byte password could still do, for all with extra responsibilities, I support.
  58.  Klaas `Z4␟` V:  08:47, 21 December 2015 (UTC) absolutely! Not only admins for everybody to make the procedure more universal and therefore simpler.
  59. -- I recommend to use at least a 12-character password. --Misibacsi (talk) 08:50, 21 December 2015 (UTC)
  60. -- THE IT (talk) 09:01, 21 December 2015 (UTC)
  61. —Absolutely Beeswaxcandle (talk) 09:03, 21 December 2015 (UTC)
  62. should be for every user. Turb (talk) 09:05, 21 December 2015 (UTC)
  63. --- Darwin Ahoy! 09:09, 21 December 2015 (UTC)
  64. --Susann Schweden (talk) 10:03, 21 December 2015 (UTC)
  65. --Yann (talk) 10:26, 21 December 2015 (UTC)
  66. Everybody ought to understand that these requirements are not against anyone's rights but instead protect the system against abuse. That 8 bytes minimum should be for every user and at least 24 bytes for users with advanced permissions. --Chiumbi (talk) 11:25, 21 December 2015 (UTC)
  67. This is an absolutely basic level of password security. If your password is less than eight bytes, it can be trivially cracked (under a second). The opposing argument—that requiring reasonable password security for administrators (etc.) demonstrates a lack of trust—is quite frankly baffling to me. When we give out rights to administrators and CheckUsers and so on, the community is saying "we trust you to use your tools to make the wiki better". We aren't saying "we trust every decision you make". And the recent security issues with admin accounts clearly demonstrate that some people evidently need a little bit of assistance to not completely fail at infosec. —Tom Morris (talk) 11:35, 21 December 2015 (UTC)
  68. If find it strange that such a policy is not already in place for all users. --Sebari (talk) 11:42, 21 December 2015 (UTC)
  69. We need to make sure that the person in charge of privileged accounts is the same person elected by the community. Muhraz (talk) 11:50, 21 December 2015 (UTC)
  70. Banfield - Reclamos aquí 12:06, 21 December 2015 (UTC)
  71. --DR (talk) 12:18, 21 December 2015 (UTC)
  72. Euryalus (talk) 12:26, 21 December 2015 (UTC)
  73. Yes, of course. MaxBioHazard (talk) 12:32, 21 December 2015 (UTC)
  74. --Insider (talk) 12:42, 21 December 2015 (UTC)
  75. Yes. It seems reasonable. Regards. --Ganímedes (talk) 13:33, 21 December 2015 (UTC)
  76. Jmvkrecords (Intra talk) 13:45, 21 December 2015 (UTC).
  77. --Asger (talk) 13:50, 21 December 2015 (UTC)
  78. It surprises me that the requirement isn't higher -- many vendors require that to open an account, you use a password that is not only eight bytes, but that includes some or all of upper and lower case alpha, numbers, and special characters. Where permitted, I always use passwords that contain at least three of the four.     Jim . . . . Jameslwoodward (talk to me) 14:02, 21 December 2015 (UTC)
  79. Support Support; I see no reason not to support this. —Beleg Tâl (talk) 14:21, 21 December 2015 (UTC)
  80. I can't conceive of any logical reason to oppose this. Thryduulf (talk: meta · en.wp · wikidata) 14:22, 21 December 2015 (UTC)
  81. This proposal makes sense. — Green Zero обг 14:26, 21 December 2015 (UTC)
  82. Yes, isn't in the number of bytes in the password, but the number of guesses allowed from unrecognized systems. -- Dave Braunschweig (talk) 15:27, 21 December 2015 (UTC)
  83. +Dave Braunschweig – Meiræ 16:03, 21 December 2015 (UTC)
  84. Additional protection agains brute force attack is nessesary, ie. only a limites number of guesses in a certain time space. But the requirements should only be used on accounts mentioned in the proposal. ----Savfisk (talk) 16:27, 21 December 2015 (UTC)
  85. NH 17:02, 21 December 2015 (UTC)
  86. Peter Bowman (talk) 18:06, 21 December 2015 (UTC)
  87. Matanya (talk) 18:39, 21 December 2015 (UTC)
  88. Kropotkine 113 (talk) 18:47, 21 December 2015 (UTC)
  89. FiliP ██ 19:15, 21 December 2015 (UTC)
  90. --Gestumblindi (talk) 19:30, 21 December 2015 (UTC) Though this wouldn't necessarily mean that people choose a good password, and it can't prevent careless handling of passwords or using the same password as for other services, it still seems like a reasonable basic standard that, in fact, would be a good idea for all users.
  91. --Koffeeinist (talk) 19:52, 21 December 2015 (UTC)
  92. --Alchemist-hp (talk) 20:01, 21 December 2015 (UTC)
  93. k6ka 🍁 (Talk · Contributions) 20:28, 21 December 2015 (UTC)
  94. Anyone who opposes this is a nitwit. Any admin/bureaucrat/etc. who opposes this should have their tools taken away for willfully endangering other users while in a position of trust. — Scott talk 20:38, 21 December 2015 (UTC)
    Wow, a non sequitur, ad hominem and an ad baculum. This should be some kind of record. Natuur12 (talk) 22:30, 21 December 2015 (UTC)
  95. Per my comments on the English Wikipedia RfC: basically, that we need to make sure accounts with the power to mess up the site have fairly secure passwords, while avoiding excessive rules for regular users. — Bilorv (talk) 20:43, 21 December 2015 (UTC)
  96. --Lam-ang (talk) 21:13, 21 December 2015 (UTC)
  97. It’s a start. U2F would be better. --DaB. (talk) 21:44, 21 December 2015 (UTC)
  98. Obvious support - This should be baseline for all users. Reaper Eternal (talk) 21:54, 21 December 2015 (UTC)
  99. Per Reaper Eternal just above, this is the minimal security requirement for a large majority of website nowadays — 0x010C ~talk~ 22:21, 21 December 2015 (UTC)
  100. Duh. --Thibaut120094 (talk) 22:35, 21 December 2015 (UTC)
  101. Eduardogobi (talk) 22:56, 21 December 2015 (UTC)
  102. MichaelMaggs (talk) 22:59, 21 December 2015 (UTC)
  103. Basvb (talk) 01:05, 22 December 2015 (UTC) These are the least that should be required from passwords.
  104. On your password should be at least six characters long and it's just a blogging service. Here we are talking about the security of all users on a wiki. Although 8 bytes may still be not secure enough and admins should be reminded of this, it seems a reasonable minimum requirement to me. Dalba 03:19, 22 December 2015 (UTC)
  105. Support Support xaosflux Talk 03:41, 22 December 2015 (UTC)
  106. Support Support. 8 bytes (or characters) password seems OK to me. --Warp3 (talk) 04:43, 22 December 2015 (UTC)
  107. Technically speaking, by eliminating the most common passwords, that leaves attackers with a smaller set of possible passwords to choose from, which sorts of makes it easier for them ("hmm... I know what not to try"), but then, the restrictions also make it harder to brute force the password. It would probably be good to apply this to other accounts such as bots (and potentially all users overall) as well.  Hazard SJ  04:45, 22 December 2015 (UTC)
    The passwords that are eliminated take up such a small amount of the password space, that its basically inconsequential (particularly, the common password list is very small. The 8 byte limit would eliminate a bigger portion of the password space, but still only an extremely small amount. Even under the very liberal assumption that passwords are at most 8 bytes long, only 0.3% are eliminated (Math I did was a bit simplified, so take that as a ballpark). If you assume passwords are at most 9 bytes long, then it eliminates 0.001% of the password space. I wouldn't worry about eliminating such a small amount of the potential password space. BWolff (WMF) (talk) 12:50, 22 December 2015 (UTC)
  108. In my opinion a stronger password should be implemented to all users. All the best, --Silenzio76 (talk) 14:11, 22 December 2015 (UTC)
  109. --SMAUG (TalkMy contributionsE-mail) 14:36, 22 December 2015 (UTC)
  110. Support Support I would also strongly encourage 2-factor authentication as soon as possible, and forcing a password change on everybody once in a while. I can't understand the motivation of somebody opposed to this; if you are not willing to be positively identified as the same unique individual over time, then why should we trust you with any special rights? ArthurPSmith (talk) 14:45, 22 December 2015 (UTC)
  111. Support Support Doug Weller (talk) 15:18, 22 December 2015 (UTC)
  112. Support Support --Atcovi (Talk - Contribs) 15:30, 22 December 2015 (UTC)
  113. Firilacroco talk 16:47, 22 December 2015 (UTC)
  114. Support Support Strongly support. I think that admins and users with advanced access (e.g. stevards, oversighters, bureaucrats etc.) should use strong passwords. I think that system can notify users with advanced access that they use weak password and after 14 days remove the access. I thing that bans aren't neccesary. --Urbanecm (talk) 17:06, 22 December 2015 (UTC)
  115. Support Support --Tarjeimo (talk) 17:22, 22 December 2015 (UTC)
  116. Only as a temporary solution. I implore the Foundation to have its Security team make two-factor authentication a top priority goal for the next quarter, and have this working product delivered within this timeframe, and then have it forced on all accounts holding permissions that give them access to information covered by the privacy policy. odder (talk) 18:53, 22 December 2015 (UTC)
  117. Support Support I am not a friend of strong password requirements, as they reduce comfort of users. But these proposed new requirements are straightforward and uncomplicated, i do not think that these requirements will reduce comfort of users. And I agree that weak passwords are security threat. --Jklamo (talk) 19:54, 22 December 2015 (UTC)
  118. Support Support Zabia (talk) 20:16, 22 December 2015 (UTC)
  119. Support. --Allan Aguilar (talk) 21:19, 22 December 2015 (UTC)
  120. Support Support - plus what Esquilo said. Balko (talk) 23:26, 22 December 2015 (UTC)
  121. Support Support david55 (talk) 06:29, 23 December 2015 (UTC)
  122. Support Support - Rsocol (talk) 08:09, 23 December 2015 (UTC)
  123. Although the proposition above is quite far from a strong password that is a good start. Soisyc Croisic (talk) 10:16, 23 December 2015 (UTC)
  124. Support Support - --Alexander Gamauf (talk) 11:42, 23 December 2015 (UTC)
  125. Support Support Mardetanha talk 20:20, 23 December 2015 (UTC)
  126. Support Support I have read through the "oppose" votes, and see nothing in that discussion to cause concern. Those proposing this have clearly thought through the alternatives and considerations thoroughly. Well done. -Pete F (talk) 17:52, 24 December 2015 (UTC)
  127. In fact, I do not see the point for this poll, just do it. --FocalPoint (talk) 18:28, 24 December 2015 (UTC)
  128. Support Support I am not sure if I am allowed to vote, but I totally think it's a good idea. What if Jimbo's password was just "WikipediaIsGr8"? That wouldn't be good.... Krett12 (talk) 21:31, 24 December 2015 (UTC)
  129. Support Support WMF seems to offer secure environment. Nevertheless, strong passwords are necessary at least for users with higher rights. Juetho (talk) 09:06, 25 December 2015 (UTC)
  130. Support Support.--Stang 13:28, 25 December 2015 (UTC)
  131. Definitely yes. Every actions created to increasing the safety for users accounts with advanced permissions receive my support. Damages caused by invasions of these accounts can be catastrophic. Érico (msg) 19:19, 25 December 2015 (UTC)
  132. Support Support per Jklamo. –Danmichaelo (talk) 17:23, 26 December 2015 (UTC)
  133. Support Support --° (Gradzeichen) 11:13, 27 December 2015 (UTC)
  134. Support Support --Nux (talk) 13:31, 27 December 2015 (UTC) I would even make those demands higher, but I guess it should be fine. Maybe you could also add some basic entropy meter in the form. Just as a hint for users.
  135. Support Support PMG (talk) 18:32, 27 December 2015 (UTC) full support for this RFC and for 2FA.
  136. Support Support Unicornisaurous (talk) 21:05, 27 December 2015 (UTC)
  137. Effeietsanders (talk) 23:02, 27 December 2015 (UTC) - seems improvement enough. Dont let perfection be the enemy of progress!
  138. 贊成。--Jasonzhuocn (talk) 08:00, 28 December 2015 (UTC)
  139. Support Support 15:32, 29 December 2015 (UTC)
  140. Support Support Karmela (talk) 22:56, 29 December 2015 (UTC)
  141. Support Support per most of the other comments above. This, that and the other (talk) 13:52, 1 January 2016 (UTC)
  142. Support Support In today's computing age 8 almost isn't long enough, but definitely a step in the right direction. -- Enfcer (talk) 03:09, 3 January 2016 (UTC)
  143. Support Support rxy (talk) 16:10, 3 January 2016 (UTC)
  144. Support Support „WHAT YEAR IS IT?“ Kays (talk) 06:06, 6 January 2016 (UTC)
  145. Support Support These are such basic requirements that I can't imagine any problems. We can always do more in the future. Respectfully, none of the oppose votes are convincing. — Earwig talk 08:33, 7 January 2016 (UTC)
  146. Support Support Ciridae (talk) 11:15, 8 January 2016 (UTC)
  147. Support Support Avm99963 (talk) 16:30, 8 January 2016 (UTC) – It's one step towards having more security in all Mediawiki projects. However, apart from this proposal I would give a lot of priority to the implementation of 2FA.
  148. Support Support It's about time that some basic security is required for contributors with advanced permissions. I would advocate even more stringent requirements. Royalbroil 03:54, 9 January 2016 (UTC)
  149. Support Support I don't really see any functional argument against standardizing security requirements and effectivly increasing user security. All opposing voices boil essentially down to "I don't like this" or "I trust people"...
  150. Support Support only for two-factor authentication. I mean, how are you going to check if a password which already set is strong enough or not to implement "users who don't have a strong enough password will be asked to change it next time they log in. Additionally, users that are in the restricted groups will be prevented from changing their password to a password not meeting the requirements."? Bennylin
  151. Symbol strong support vote.svg Strong support --Mario-WL (talk) 01:49, 15 January 2016 (UTC)
  152. Support Support A no-brainer. Kevin Rutherford (talk) 23:52, 18 January 2016 (UTC)