Contents 1 Background 2 Application 3 Requirements 4 Enforcement and auditing 5 So that's it, my account is secure?


Background[edit] Although Wikipedia:User account security has contained standard advice for password strength for some time, the English-language Wikipedia did not have password requirements for any user group for its first fourteen years. In late 2015, there was a security breaching incident involving users with advanced permissions that led to a security review. That review resulted in password requirements for some users with advanced permissions, and advised changes to global policy and auditing and enforcement by the Wikimedia Foundation.


Application[edit] While all users are strongly advised to maintain a strong password, the policy requirements are only binding on the following user groups: Administrators Bureaucrats Edit filter managers Functionaries Additionally, the community recommended that global policy require the steward and founder user groups follow these same requirements. Jimbo Wales, as sole member of the "founder" user group, voluntarily agreed to comply with these requirements. A password strength meter is to be added to the signup/change password screen in order to assist users in determining if their password is considered strong.


Requirements[edit] Privileged users must meet these requirements: Passwords must be at least 8 bytes in length. (in English this usually corresponds to 8 characters) Passwords should not be on the list of the 10,000 most common passwords. In addition, there are very limited requirements that apply to all users: Passwords must not be blank. Passwords must not be on the list of the 100 most common passwords. Passwords must not be "wiki", "mediawiki", or the name of the wiki the password is being set on.


Enforcement and auditing[edit] A password strength bar (yet to be implemented) will help these users determine if they are meeting these requirements. Regular auditing of administrator and functionary passwords is to be done by the Foundation, through a process and at intervals as yet to be determined. Users with advanced permissions who are found to be out of compliance with these requirements may have their permissions revoked until they have made adequate assurances that they have rectified the issue. Users who repeatedly fail to maintain a strong password may have their permissions permanently revoked by the Arbitration Committee.


So that's it, my account is secure?[edit] No, not really. A strong password and password security are just one part of securing your account. Users with advanced permissions, and indeed all users, should be taking steps above and beyond these requirements to insure the security of their accounts. Two-factor authentication is now available to administrators and will hopefully be rolled out to all users in the near future. Simply logging out when you are done for the day if you are using a device that there is even a possibility another person will have access to is another basic security measure. Avoid "recycling", your Wikipedia password should be unique and not used to log in anywhere else. A committed identity can help you prove you are the legitimate account holder and assist you in regaining control of your account if it is breached. More information is available at WP:SECURITY. v t e Wikipedia accounts and governance Unregistered (IP) users Why create an account? Create an account Request an account IPs are human too IP addresses are not people IP hopper Registered users New account Logging in Reset passwords Username policy Changing username Usernames for administrator attention Unified login or SUL Alternate account Account security Password strength requirements User account security Personal security practices Two-factor authentication Simple 2FA 2FA for AWB Committed identity On privacy, confidentiality and discretion Compromised accounts Blocks, global locks, bans, sanctions Blocking policy FAQ Admins guide Tools Autoblock Appealing a block Guide to appealing blocks UTRS Unblock Ticket Request System Blocking IP addresses Range blocks IPv6 Open proxies Global locks Banning policy ArbCom appeals Sanctions Personal sanctions General sanctions Discretionary sanctions and Log Essay Long-term abuse Standard offer Related to accounts Sock puppetry Single-purpose account Sleeper account Vandalism-only account Wikibreak Enforcer Retiring Courtesy vanishing Clean start Quiet return User groups and global user groups Requests for permissions Admin instructions Admin guide Account creator PERM Autopatrolled PERM AutoWikiBrowser PERM Confirmed PERM Extended confirmed PERM Edit filter helper File mover PERM Mass message sender PERM New page reviewer PERM Page mover PERM Pending changes reviewer PERM Rollback PERM Template editor PERM IP-block-exempt Requests Courses access Requests Bot accounts Requests Global rights policy OTRS Volunteer Response Team Advanced user groups Administrators RfA Bureaucrats RfB Edit filter manager Requests CheckUser and Oversight Requests Founder Committees and related Arbitration Committee Mediation Committee Bot approvals group Functionaries Clerks Governance Administration FAQ Formal organization Editorial oversight and control Quality control Wikimedia Foundation Board Founder's seat Meta-Wiki Leadership opportunities WikiProjects Elections Policies and guidelines Unbundling administrators' powers Petitions Noticeboards Consensus Dispute resolution Reforms Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:Password_strength_requirements&oldid=817236035" Categories: Wikipedia policies


Navigation menu Personal tools Not logged inTalkContributionsCreate accountLog in Namespaces Project pageTalk Variants Views ReadEditView history More Search Navigation Main pageContentsFeatured contentCurrent eventsRandom articleDonate to WikipediaWikipedia store Interaction HelpAbout WikipediaCommunity portalRecent changesContact page Tools What links hereRelated changesUpload fileSpecial pagesPermanent linkPage informationWikidata item Print/export Create a bookDownload as PDFPrintable version Languages 中文 Edit links This page was last edited on 27 December 2017, at 02:44. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. Privacy policy About Wikipedia Disclaimers Contact Wikipedia Developers Cookie statement Mobile view (window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgPageParseReport":{"limitreport":{"cputime":"0.080","walltime":"0.126","ppvisitednodes":{"value":245,"limit":1000000},"ppgeneratednodes":{"value":0,"limit":1500000},"postexpandincludesize":{"value":37094,"limit":2097152},"templateargumentsize":{"value":264,"limit":2097152},"expansiondepth":{"value":5,"limit":40},"expensivefunctioncount":{"value":2,"limit":500},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 81.091 1 -total"," 56.35% 45.694 1 Template:Policy"," 52.77% 42.792 1 Template:Ombox"," 21.07% 17.084 1 Template:Wikipedia_accounts"," 17.44% 14.142 1 Template:Navbox"," 16.72% 13.556 1 Template:Shortcut"," 5.52% 4.480 1 Template:Nutshell"," 3.32% 2.691 1 Template:Mbox"]},"scribunto":{"limitreport-timeusage":{"value":"0.028","limit":"10.000"},"limitreport-memusage":{"value":1473009,"limit":52428800}},"cachereport":{"origin":"mw1266","timestamp":"20180212130914","ttl":1900800,"transientcontent":false}}});});(window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgBackendResponseTime":71,"wgHostname":"mw1328"});});


Wikipedia:Password_strength_requirements - Photos and All Basic Informations

Wikipedia:Password_strength_requirements More Links

Wikipedia:Policies And GuidelinesWikipedia:What "Ignore All Rules" MeansWikipedia:ConsensusWikipedia:ShortcutStrong PasswordWikipedia:User Account SecurityPassword StrengthWikipedia:Security Review RfCWikimedia FoundationWikipedia:ADMINWikipedia:CRATWikipedia:EFMWikipedia:FUNCTWikipedia:STEWARDSUser:Jimbo WalesSpecial:Diff/695206930Wikipedia:Most Common Passwords/10000Wikipedia:10,000 Most Common PasswordsWikipedia:ARBCOMWikipedia:2FAWikipedia:Committed IdentityWikipedia:SECURITYTemplate:Wikipedia AccountsTemplate Talk:Wikipedia AccountsUser (computing)GovernanceWikipedia:User Access LevelsWikipedia:Why Create An Account?Special:CreateAccountWikipedia:Request An AccountWikipedia:IPs Are Human TooWikipedia:IP Addresses Are Not PeopleWikipedia:IP HopperWikipedia:New AccountHelp:Logging InHelp:Reset PasswordWikipedia:Username PolicyWikipedia:Changing UsernameWikipedia:Usernames For Administrator AttentionWikipedia:Unified LoginWikipedia:Sock PuppetryWikipedia:User Account SecurityWikipedia:Personal Security PracticesHelp:Two-factor AuthenticationWikipedia:Simple 2FAWikipedia:Using AWB With 2FATemplate:Committed IdentityWikipedia:On Privacy, Confidentiality And DiscretionWikipedia:Compromised AccountsWikipedia:Blocking PolicyWikipedia:FAQ/BlocksWikipedia:Administrators' Guide/BlockingWikipedia:Administrators' Guide/Blocking/ToolsWikipedia:AutoblockWikipedia:Appealing A BlockWikipedia:Guide To Appealing BlocksWikipedia:Unblock Ticket Request SystemWikipedia:Blocking IP AddressesWikipedia:Open ProxiesWikipedia:Banning PolicyWikipedia:Arbitration Committee/Ban AppealsWikipedia:SanctionsWikipedia:Editing RestrictionsWikipedia:General SanctionsWikipedia:Arbitration Committee/Discretionary SanctionsWikipedia:Arbitration Enforcement LogWikipedia:Sanctions (essay)Wikipedia:Long-term AbuseWikipedia:Standard OfferWikipedia:Sock PuppetryWikipedia:Single-purpose AccountWikipedia:Sleeper AccountWikipedia:Vandalism-only AccountWikipedia:WikibreakWikipedia:WikiProject User Scripts/Scripts/WikiBreak EnforcerWikipedia:RetiringWikipedia:Courtesy VanishingWikipedia:Clean StartUser:Worm That Turned/Quiet ReturnWikipedia:User Access LevelsWikipedia:Requests For PermissionsWikipedia:Requests For Permissions/Administrator InstructionsWikipedia:Administrators' Guide/Granting And Revoking User RightsWikipedia:Account CreatorWikipedia:Requests For Permissions/Account CreatorWikipedia:AutopatrolledWikipedia:Requests For Permissions/AutopatrolledWikipedia:AutoWikiBrowserWikipedia:Requests For Permissions/AutoWikiBrowserWikipedia:User Access LevelsWikipedia:Requests For Permissions/ConfirmedWikipedia:User Access LevelsWikipedia:Requests For Permissions/Extended ConfirmedWikipedia:Edit Filter HelperWikipedia:File MoverWikipedia:Requests For Permissions/File MoverWikipedia:Mass Message SendersWikipedia:Requests For Permissions/Mass Message SenderWikipedia:New Pages Patrol/ReviewersWikipedia:Requests For Permissions/New Page ReviewerWikipedia:Page MoverWikipedia:Requests For Permissions/Page MoverWikipedia:Reviewing Pending ChangesWikipedia:Requests For Permissions/Pending Changes ReviewerWikipedia:RollbackWikipedia:Requests For Permissions/RollbackWikipedia:Template EditorWikipedia:Requests For Permissions/Template EditorWikipedia:IP Block ExemptionWikipedia:Unblock Ticket Request SystemWikipedia:User Access LevelsWikipedia:Education NoticeboardWikipedia:Bot PolicyWikipedia:Bots/Requests For ApprovalWikipedia:Global Rights PolicyWikipedia:Volunteer Response TeamWikipedia:AdministratorsWikipedia:Requests For AdminshipWikipedia:BureaucratsWikipedia:Requests For AdminshipWikipedia:Edit FilterWikipedia:Edit Filter NoticeboardWikipedia:CheckUserWikipedia:OversightWikipedia:Arbitration Committee/CheckUser And OversightWikipedia:Role Of Jimmy WalesWikipedia:CommitteesWikipedia:Arbitration CommitteeWikipedia:Mediation CommitteeWikipedia:Bot Approvals GroupWikipedia:FunctionariesWikipedia:Sockpuppet Investigations/SPI/ClerksWikipedia:AdministrationWikipedia:AdministrationWikipedia:FAQ/AdministrationWikipedia:Formal OrganizationWikipedia:Editorial Oversight And ControlWikipedia:Quality ControlWikipedia:Wikimedia FoundationWikipedia:Board Of TrusteesWikipedia:Founder's SeatWikipedia:MetaWikipedia:Leadership OpportunitiesWikipedia:WikiProjectWikipedia:ElectionsWikipedia:Policies And GuidelinesWikipedia:Unbundling Administrators' PowersWikipedia:List Of PetitionsWikipedia:NoticeboardsWikipedia:ConsensusWikipedia:Dispute ResolutionWikipedia:ReformsHelp:CategoryCategory:Wikipedia PoliciesDiscussion About Edits From This IP Address [n]A List Of Edits Made From This IP Address [y]View The Project Page [c]Discussion About The Content Page [t]Edit This Page [e]Visit The Main Page [z]Guides To Browsing WikipediaFeatured Content – The Best Of WikipediaFind Background Information On Current EventsLoad A Random Article [x]Guidance On How To Use And Edit WikipediaFind Out About WikipediaAbout The Project, What You Can Do, Where To Find ThingsA List Of Recent Changes In The Wiki [r]List Of All English Wikipedia Pages Containing Links To This Page [j]Recent Changes In Pages Linked From This Page [k]Upload Files [u]A List Of All Special Pages [q]Wikipedia:AboutWikipedia:General Disclaimer



view link view link view link view link view link