Contents 1 In general 2 Privileged editors 3 Two-factor authentication (2FA) 3.1 Enrolling 4 Notes 5 See also


In general[edit] As a rule of thumb, a password that is reasonably long, with a mix of upper and lowercase letters and numbers, and not mostly made up of dictionary words or names or personal information (date of birth, cat's name, etc.) is likely to be reasonably strong for everyday use. Passwords that consist of just lowercase letters can also be reasonably strong, but they must be significantly longer than passwords with more entropy per character; see this XKCD comic strip. However, it is left up to users to decide how strong a password they wish to use beyond this. Having strong passwords is a necessary condition but not sufficient for strong computer security: for example when using public computers your account could be compromised by keyloggers. Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them. Be careful on public WiFi networks. Sometimes there may be people sniffing packets and looking at information. If you edit from a public WiFi network it is a good idea to use a VPN or inspect the HTTPS certificate of your connection.


Privileged editors[edit] On Wikipedia, only certain users (including administrators) can perform some actions. It is especially important that these privileged editors have strong passwords. Administrators, bureaucrats, checkusers, stewards and oversighters discovered to have weak passwords, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily desysopped administrators is left to the bureaucrats, provided they can determine that the administrator is back in control of the previously compromised account. As of December 2015, users with advanced permissions are formally required to maintain a password that meets certain specific requirements and may have their passwords audited by the Wikimedia Foundation. Although users with other specialized functions (such as template editor) are not formally required to maintain strong passwords or have them audited, they are still strongly encouraged to do so.


Two-factor authentication (2FA)[edit] See also: meta:Help:Two-factor authentication and Wikipedia:Simple 2FA Wikimedia's implementation of two-factor authentication (2FA) is a way of strengthening the security of your account. If you enable two-factor authentication, every time you log in you will be asked for a one-time six digit number in addition to your password. This number can be provided by an app on your smartphone or other authentication device. In order to login you must know your password and have your authentication device available to generate the code. Enrolling[edit] To set up two-factor authentication: This action is limited to Administrators, Bureaucrats, Oversighters, Checkusers, and Edit filter managers. First you must have or install a Time-based One-time Password Algorithm (TOTP) client. For most users, this will be a phone or tablet application. Google Authenticator is a popular example Android iOS, along with other implementations of it. Next go to Special:OATH (this link is also available from your preferences). Special:OATH presents you with a QR code containing the Two-factor account name and Two-factor secret key. This is needed to pair your client with the server. Scan the QR code with, or enter the two-factor account name and key into, your TOTP client. Enter a verification code from your TOTP client into the OATH screen to complete the enrollment. Note: You will also be presented with a series of one-time scratch codes. Safely store a copy of these codes, should you lose or have a problem with your TOTP client you will be locked out of your account unless you have access to these codes.


Notes[edit] For advice on personal security, including passwords, see Wikipedia:Personal security practices and Keys to a Strong Password. Users are encouraged to provide an email address in their preferences, as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communications with other users via email; this can be disabled in preference by unchecking the option "Enable e-mail from other users".)


See also[edit] Wikipedia:Avoid scams Wikipedia:Blocking policy Wikipedia:Password strength requirements Password strength Don't leave your fly open Wikipedia:Secure server Wikipedia:Committed identity Wikipedia:FAQ/Technical (how to recover password) Wikipedia:Wikipedia Signpost/2006-02-06/Password security Wikipedia:Wikipedia Signpost/2006-12-18/Technology report Wikipedia:Wikipedia Signpost/2007-05-07/Admins desysopped Wikipedia:Wikipedia Signpost/2010-08-02/Technology report Wikipedia:Wikipedia Signpost/2015-11-11/Discussion report Wikipedia:Village pump (proposals)/Account security v t e Wikipedia accounts and governance Unregistered (IP) users Why create an account? Create an account Request an account IPs are human too IP addresses are not people IP hopper Registered users New account Logging in Reset passwords Username policy Changing username Usernames for administrator attention Unified login or SUL Alternate account Account security Password strength requirements User account security Personal security practices Two-factor authentication Simple 2FA 2FA for AWB Committed identity On privacy, confidentiality and discretion Compromised accounts Blocks, global locks, bans, sanctions Blocking policy FAQ Admins guide Tools Autoblock Appealing a block Guide to appealing blocks UTRS Unblock Ticket Request System Blocking IP addresses Range blocks IPv6 Open proxies Global locks Banning policy ArbCom appeals Sanctions Personal sanctions General sanctions Discretionary sanctions and Log Essay Long-term abuse Standard offer Related to accounts Sock puppetry Single-purpose account Sleeper account Vandalism-only account Wikibreak Enforcer Retiring Courtesy vanishing Clean start Quiet return User groups and global user groups Requests for permissions Admin instructions Admin guide Account creator PERM Autopatrolled PERM AutoWikiBrowser PERM Confirmed PERM Extended confirmed PERM Edit filter helper File mover PERM Mass message sender PERM New page reviewer PERM Page mover PERM Pending changes reviewer PERM Rollback PERM Template editor PERM IP-block-exempt Requests Courses access Requests Bot accounts Requests Global rights policy OTRS Volunteer Response Team Advanced user groups Administrators RfA Bureaucrats RfB Edit filter manager Requests CheckUser and Oversight Requests Founder Committees and related Arbitration Committee Mediation Committee Bot approvals group Functionaries Clerks Governance Administration FAQ Formal organization Editorial oversight and control Quality control Wikimedia Foundation Board Founder's seat Meta-Wiki Leadership opportunities WikiProjects Elections Policies and guidelines Unbundling administrators' powers Petitions Noticeboards Consensus Dispute resolution Reforms Retrieved from "https://en.wikipedia.org/w/index.php?title=Wikipedia:User_account_security&oldid=817308380" Categories: Wikipedia information pagesHidden categories: Wikipedia move-protected project pages


Navigation menu Personal tools Not logged inTalkContributionsCreate accountLog in Namespaces Project pageTalk Variants Views ReadEditView history More Search Navigation Main pageContentsFeatured contentCurrent eventsRandom articleDonate to WikipediaWikipedia store Interaction HelpAbout WikipediaCommunity portalRecent changesContact page Tools What links hereRelated changesUpload fileSpecial pagesPermanent linkPage informationWikidata item Print/export Create a bookDownload as PDFPrintable version In other projects MediaWiki Languages فارسی한국어ଓଡ଼ିଆ中文 Edit links This page was last edited on 27 December 2017, at 15:04. Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization. Privacy policy About Wikipedia Disclaimers Contact Wikipedia Developers Cookie statement Mobile view (window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgPageParseReport":{"limitreport":{"cputime":"0.112","walltime":"0.167","ppvisitednodes":{"value":363,"limit":1000000},"ppgeneratednodes":{"value":0,"limit":1500000},"postexpandincludesize":{"value":43371,"limit":2097152},"templateargumentsize":{"value":300,"limit":2097152},"expansiondepth":{"value":9,"limit":40},"expensivefunctioncount":{"value":5,"limit":500},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 111.360 1 -total"," 50.47% 56.201 1 Template:Infopage"," 41.52% 46.238 1 Template:Ombox"," 16.09% 17.916 1 Template:Shortcut"," 15.02% 16.724 1 Template:Wikipedia_accounts"," 12.76% 14.209 1 Template:Pp-move-indef"," 12.05% 13.419 1 Template:Navbox"," 8.91% 9.917 1 Template:See_also"," 6.24% 6.954 1 Template:Nutshell"," 5.00% 5.567 1 Template:Namespace_detect"]},"scribunto":{"limitreport-timeusage":{"value":"0.040","limit":"10.000"},"limitreport-memusage":{"value":1676640,"limit":52428800}},"cachereport":{"origin":"mw1251","timestamp":"20180128003417","ttl":1900800,"transientcontent":false}}});});(window.RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgBackendResponseTime":93,"wgHostname":"mw1251"});});


Wikipedia:User_account_security - Photos and All Basic Informations

Wikipedia:User_account_security More Links

Wikipedia:Secure ServerWikipedia:Password Strength RequirementsWikipedia:Project NamespaceWikipedia:Policies And GuidelinesWikipedia:ConsensusWikipedia:ShortcutPasswordPassword StrengthPassword CrackingHelp:PreferencesRule Of ThumbPassword StrengthNecessity And SufficiencyComputer SecurityKeyloggerWikipedia:AdministratorsWikipedia:BureaucratWikipedia:CheckuserWikipedia:StewardWikipedia:OversightPassword StrengthWikipedia:PSRWikimedia FoundationWikipedia:User Access LevelsWikipedia:Template EditorWikipedia:Simple 2FATwo-factor AuthenticationTime-based One-time Password AlgorithmGoogle AuthenticatorGoogle AuthenticatorSpecial:Two-factor AuthenticationSpecial:PreferencesSpecial:Two-factor AuthenticationQR CodeWikipedia:Personal Security PracticesHelp:Email ConfirmationSpecial:PreferencesWikipedia:Avoid ScamsWikipedia:Blocking PolicyWikipedia:Password Strength RequirementsPassword StrengthWikipedia:Secure ServerWikipedia:Committed IdentityWikipedia:FAQ/TechnicalWikipedia:Wikipedia Signpost/2006-02-06/Password SecurityWikipedia:Wikipedia Signpost/2006-12-18/Technology ReportWikipedia:Wikipedia Signpost/2007-05-07/Admins DesysoppedWikipedia:Wikipedia Signpost/2010-08-02/Technology ReportWikipedia:Wikipedia Signpost/2015-11-11/Discussion ReportWikipedia:Village Pump (proposals)/Account SecurityTemplate:Wikipedia AccountsTemplate Talk:Wikipedia AccountsUser (computing)GovernanceWikipedia:User Access LevelsWikipedia:Why Create An Account?Special:CreateAccountWikipedia:Request An AccountWikipedia:IPs Are Human TooWikipedia:IP Addresses Are Not PeopleWikipedia:IP HopperWikipedia:New AccountHelp:Logging InHelp:Reset PasswordWikipedia:Username PolicyWikipedia:Changing UsernameWikipedia:Usernames For Administrator AttentionWikipedia:Unified LoginWikipedia:Sock PuppetryWikipedia:Password Strength RequirementsWikipedia:Personal Security PracticesHelp:Two-factor AuthenticationWikipedia:Simple 2FAWikipedia:Using AWB With 2FATemplate:Committed IdentityWikipedia:On Privacy, Confidentiality And DiscretionWikipedia:Compromised AccountsWikipedia:Blocking PolicyWikipedia:FAQ/BlocksWikipedia:Administrators' Guide/BlockingWikipedia:Administrators' Guide/Blocking/ToolsWikipedia:AutoblockWikipedia:Appealing A BlockWikipedia:Guide To Appealing BlocksWikipedia:Unblock Ticket Request SystemWikipedia:Blocking IP AddressesWikipedia:Open ProxiesWikipedia:Banning PolicyWikipedia:Arbitration Committee/Ban AppealsWikipedia:SanctionsWikipedia:Editing RestrictionsWikipedia:General SanctionsWikipedia:Arbitration Committee/Discretionary SanctionsWikipedia:Arbitration Enforcement LogWikipedia:Sanctions (essay)Wikipedia:Long-term AbuseWikipedia:Standard OfferWikipedia:Sock PuppetryWikipedia:Single-purpose AccountWikipedia:Sleeper AccountWikipedia:Vandalism-only AccountWikipedia:WikibreakWikipedia:WikiProject User Scripts/Scripts/WikiBreak EnforcerWikipedia:RetiringWikipedia:Courtesy VanishingWikipedia:Clean StartUser:Worm That Turned/Quiet ReturnWikipedia:User Access LevelsWikipedia:Requests For PermissionsWikipedia:Requests For Permissions/Administrator InstructionsWikipedia:Administrators' Guide/Granting And Revoking User RightsWikipedia:Account CreatorWikipedia:Requests For Permissions/Account CreatorWikipedia:AutopatrolledWikipedia:Requests For Permissions/AutopatrolledWikipedia:AutoWikiBrowserWikipedia:Requests For Permissions/AutoWikiBrowserWikipedia:User Access LevelsWikipedia:Requests For Permissions/ConfirmedWikipedia:User Access LevelsWikipedia:Requests For Permissions/Extended ConfirmedWikipedia:Edit Filter HelperWikipedia:File MoverWikipedia:Requests For Permissions/File MoverWikipedia:Mass Message SendersWikipedia:Requests For Permissions/Mass Message SenderWikipedia:New Pages Patrol/ReviewersWikipedia:Requests For Permissions/New Page ReviewerWikipedia:Page MoverWikipedia:Requests For Permissions/Page MoverWikipedia:Reviewing Pending ChangesWikipedia:Requests For Permissions/Pending Changes ReviewerWikipedia:RollbackWikipedia:Requests For Permissions/RollbackWikipedia:Template EditorWikipedia:Requests For Permissions/Template EditorWikipedia:IP Block ExemptionWikipedia:Unblock Ticket Request SystemWikipedia:User Access LevelsWikipedia:Education NoticeboardWikipedia:Bot PolicyWikipedia:Bots/Requests For ApprovalWikipedia:Global Rights PolicyWikipedia:Volunteer Response TeamWikipedia:AdministratorsWikipedia:Requests For AdminshipWikipedia:BureaucratsWikipedia:Requests For AdminshipWikipedia:Edit FilterWikipedia:Edit Filter NoticeboardWikipedia:CheckUserWikipedia:OversightWikipedia:Arbitration Committee/CheckUser And OversightWikipedia:Role Of Jimmy WalesWikipedia:CommitteesWikipedia:Arbitration CommitteeWikipedia:Mediation CommitteeWikipedia:Bot Approvals GroupWikipedia:FunctionariesWikipedia:Sockpuppet Investigations/SPI/ClerksWikipedia:AdministrationWikipedia:AdministrationWikipedia:FAQ/AdministrationWikipedia:Formal OrganizationWikipedia:Editorial Oversight And ControlWikipedia:Quality ControlWikipedia:Wikimedia FoundationWikipedia:Board Of TrusteesWikipedia:Founder's SeatWikipedia:MetaWikipedia:Leadership OpportunitiesWikipedia:WikiProjectWikipedia:ElectionsWikipedia:Policies And GuidelinesWikipedia:Unbundling Administrators' PowersWikipedia:List Of PetitionsWikipedia:NoticeboardsWikipedia:ConsensusWikipedia:Dispute ResolutionWikipedia:ReformsHelp:CategoryCategory:Wikipedia Information PagesCategory:Wikipedia Move-protected Project PagesDiscussion About Edits From This IP Address [n]A List Of Edits Made From This IP Address [y]View The Project Page [c]Discussion About The Content Page [t]Edit This Page [e]Visit The Main Page [z]Guides To Browsing WikipediaFeatured Content – The Best Of WikipediaFind Background Information On Current EventsLoad A Random Article [x]Guidance On How To Use And Edit WikipediaFind Out About WikipediaAbout The Project, What You Can Do, Where To Find ThingsA List Of Recent Changes In The Wiki [r]List Of All English Wikipedia Pages Containing Links To This Page [j]Recent Changes In Pages Linked From This Page [k]Upload Files [u]A List Of All Special Pages [q]Wikipedia:AboutWikipedia:General Disclaimer



view link view link view link view link view link