Page MenuHomePhabricator

Send notification to account owner on multiple unsuccessful login attempts
Closed, ResolvedPublic

Assigned To
Authored By
May 8 2007, 2:51 AM
Referenced Files
F3713: patch
Nov 21 2014, 9:36 PM
"Cookie" token, awarded by RandomDSdevel."Love" token, awarded by Kizule."Like" token, awarded by Reception123."Like" token, awarded by Ladsgroup."Like" token, awarded by Liuxinyu970226."Like" token, awarded by Addshore."Like" token, awarded by Luke081515.


Author: titoxd.wikimedia

Thinking along the lines of T11816, it would be advisable to send an email
notification to an account owner if someone is trying to log in to an account
and fails X number of times within a particular period of time.

See Also: T28227: Notify user by email when password changed

Related Objects

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
Resolved demon
Resolved Niharika
Resolved Niharika
Resolved Niharika
Resolved Niharika
Resolved Niharika

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

When would you expect this to go into production?

When would you expect this to go into production?

See ; typically a new extension takes between few weeks and a decade.

When would you expect this to go into production?

I have no specific timeline yet. Not for a while yet. Ill make sure tech news is notified whenever this becomes imminent

@Nemo_bis Yes. Which is why it is important to ask. (:

@Bawolff Good to know. And thanks.

In a long comment (now more like a paper), I added new ideas in T18435: New extension to enforce minimum password strength.

I've included additional considerations on security but the main point is about evaluation of password strength and how we can help users choosing stronger passwords (not just based on simple password lengths that users can't remember): it gives more choices to users and could provide better hints for them than just a simple measurement.

Consider commenting on it. After an initial request (TL;DR for a simple comment) I added some headings and structured it a bit, fixing some typos and adding notes for further considerations in each part.

There are also some possible extension about "strength classes" that we could administer for securiing the strongest class that should be needed to access some very elevated privileges (direct SQL access, inspecting server log files and private user data stored on servers, maintenance of the technical platform including DNS administration, write access to the MediaWiki code...)

kaldari closed subtask Restricted Task as Resolved.Apr 12 2017, 10:58 PM

LoginNotify is now on Test Wikipedia --

It's available for testing, if people want to give it a try.

The project page is here, with more info on the feature:

demon claimed this task.
demon added a subscriber: demon.

LoginNotify is everywhere now