Password storage update
Password storage update
|
Rationale
editLots of small and big changes to the password storage and password security have been put off for some time. The potential password leak in October 2013 identified a number of areas where MediaWiki could be improved.
- Passwords should be stored in a stronger format, and/or with a stronger hash algorithm (Bugzilla: 28419, gerrit:77645)
- Passwords for attached, CentralAuth accounts shouldn't be stored in the local wiki's database (Bug ?)
- We need a way to force password resets for affected users if passwords are compromised (Bug 54997, gerrit:92037)
- MediaWiki lacks a way to enforce good passwords
Requests_for_comment/Password_requirementsAnd possibly Requests_for_comment/Password_strength- Combined into Requests_for_comment/Passwords
- UX would like changes to the interface
- https://bugzilla.wikimedia.org/show_bug.cgi?id=54914
Timeline
editDocuments
edit- User requirements:
- Specifications:
- Software design document:
- Test plan:
- Documentation plan:
- User interface design docs:
- Schedule:
- Task management:
- Release management plan:
- Communications plan: