Send notification to account owner on multiple unsuccessful login attempts
Closed, ResolvedPublic

Description

Author: titoxd.wikimedia

Description:
Thinking along the lines of T11816, it would be advisable to send an email
notification to an account owner if someone is trying to log in to an account
and fails X number of times within a particular period of time.


URL: https://en.wikipedia.org/wiki/Special:Userlogin
See Also: T28227: Notify user by email when password changed

Details

Reference
bz9838

Related Objects

StatusAssignedTask
OpenNone
InvalidWikinaut
OpenNone
Resolveddemon
OpenNone
Resolvedkaldari
ResolvedNiharika
ResolvedNiharika
ResolvedBawolff
ResolvedBawolff
DeclinedNone
Resolvedkaldari
ResolvedNiharika
ResolvedMusikAnimal
ResolvedNiharika
ResolvedNiharika
ResolvedReedy
ResolvedMaxSem
ResolvedJohan
OpenNone
There are a very large number of changes, so older changes are hidden. Show Older Changes
Johan added a subscriber: Johan.Apr 7 2016, 4:38 PM

When would you expect this to go into production?

When would you expect this to go into production?

See https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment ; typically a new extension takes between few weeks and a decade.

When would you expect this to go into production?

I have no specific timeline yet. Not for a while yet. Ill make sure tech news is notified whenever this becomes imminent

@Nemo_bis Yes. Which is why it is important to ask. (:

@Bawolff Good to know. And thanks.

Addshore added a subscriber: Addshore.
Verdy_p added a subscriber: Verdy_p.EditedNov 17 2016, 10:17 PM

In a long comment (now more like a paper), I added new ideas in T18435: New extension to enforce minimum password strength.

I've included additional considerations on security but the main point is about evaluation of password strength and how we can help users choosing stronger passwords (not just based on simple password lengths that users can't remember): it gives more choices to users and could provide better hints for them than just a simple measurement.

Consider commenting on it. After an initial request (TL;DR for a simple comment) I added some headings and structured it a bit, fixing some typos and adding notes for further considerations in each part.

There are also some possible extension about "strength classes" that we could administer for securiing the strongest class that should be needed to access some very elevated privileges (direct SQL access, inspecting server log files and private user data stored on servers, maintenance of the technical platform including DNS administration, write access to the MediaWiki code...)

Meno25 added a subscriber: Meno25.Jan 17 2017, 11:42 AM
Ladsgroup added a subscriber: Ladsgroup.
kaldari added a subtask: Restricted Task.Mar 25 2017, 1:31 AM
kaldari closed subtask Restricted Task as Resolved.Apr 12 2017, 10:58 PM
DannyH added a subscriber: DannyH.Jun 7 2017, 9:32 PM

LoginNotify is now on Test Wikipedia -- https://test.wikipedia.org/wiki/Main_Page

It's available for testing, if people want to give it a try.

The project page is here, with more info on the feature:

https://meta.wikimedia.org/wiki/Community_Tech/LoginNotify

Reception123 added a subscriber: Reception123.
demon closed this task as Resolved.Jan 25 2018, 2:16 AM
demon claimed this task.
demon added a subscriber: demon.

LoginNotify is everywhere now

Restricted Application added a subscriber: alanajjar. · View Herald TranscriptJan 26 2018, 5:31 AM