Password storage update

Lots of small and big changes to the password storage and password security have been put off for some time. The potential password leak in October 2013 identified a number of areas where MediaWiki could be improved.

• Passwords should be stored in a stronger format, and/or with a stronger hash algorithm (Bugzilla: 28419, gerrit:77645)
• Passwords for attached, CentralAuth accounts shouldn't be stored in the local wiki's database (Bug ?)
• We need a way to force password resets for affected users if passwords are compromised (Bug 54997, gerrit:92037)
• MediaWiki lacks a way to enforce good passwords
  • Requests_for_comment/Password_requirements
  • And possibly Requests_for_comment/Password_strength
  • Combined into Requests_for_comment/Passwords
• UX would like changes to the interface
  • Password_reset
• https://bugzilla.wikimedia.org/show_bug.cgi?id=54914

• User requirements:
• Specifications:
• Software design document:
• Test plan:
• Documentation plan:
• User interface design docs:
• Schedule:
• Task management:
• Release management plan:
• Communications plan: