Page MenuHomePhabricator

Disallow identical usernames and passwords
Closed, ResolvedPublic


Author: mcdevitd

There seem to be a substantial number of accounts that have registered with
obvious passwords, the same as their usernames. Recently, vandals have been
hijacking dormant accounts like this to vandalize and evade blocks. This is a
serious security threat since 1) it means vandals can get around any account
creation blocks by using old accounts created on other IPs, and 2) we are forced
to block compromised dormant accounts that are use for vandalism, even if they
have prior edit histories. The software should prevent such unsafe passwords.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:40 PM
bzimport set Reference to bz9507.
bzimport added a subscriber: Unknown Object (MLST).

ayg wrote:

*** This bug has been marked as a duplicate of 3348 ***