https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC
Results:
- Length increase to 6 bytes
- Length increase to 8 bytes
- Uncommon passwords
- Add a password strength bar to the "Create account" page
- Password requirements for Crats, Stewards and Founder groups
- Password requirements for Functionary group
- Password requirements for Administrator group
- Password requirements for Edit Filter Manager group
- Regular audits for Functionary group
- Regular audits for Administrator group
Of these:
- Increasing the password length to 8 bytes and requiring uncommon passwords are easy: T119100: Increase MinimalPasswordLength to 8 for several local and global groups
- Since policies are group based, we'll apply the settings to the local enwiki groups: sysops, bureaucrat, steward, and founder
- Adding a password strength meter is a good idea, but will require some development work
- Regular audits will take some work to set up