Topic on Talk:Wikimedia Security Team/Password strengthening 2019

Ivanvector (talkcontribs)

Neat interface you got here. Couple questions:


1) are all privileged users now required to choose a new password? Or only those who do not meet the new requirements at the time of implementation?

1a) what happens to an account that does not comply?


2) are existing non-privileged accounts subject to the new requirements at implementation, or will they be in the future? Or is this only for new accounts?

TBolliger (WMF) (talkcontribs)

Hello Ivanvector, thanks for your questions.

error message when a privileged user logs in with a short password


1) No. Those who have passwords that meet the new requirements can carry-on with business as usual. Those who do not meet the new requirements will see the warning message (pictured right) when they log in. When they change or reset their password the new password minimums will be required.

We strongly encourage privileged users to not skip this step and to update the passwords.


2) At this time all existing non-privileged accounts will not need to change their passwords unless they manually change or reset their passwords.

It is important to note that password requirements will never be set in stone — there may be other changes in the future. Password security is an ever-evolving and ever-maturing topic and we want to make sure all our users and our wikis are safe from malicious actors.

Reply to "Forced update?"