Page MenuHomePhabricator

Create a password blacklist
Closed, DeclinedPublic

Description

Create a password blacklist located at MediaWiki:PasswordBlacklist so that users cannot use simple passwords such as 1234, password, or other weak passwords.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 22 2017, 8:05 AM
Aklapper closed this task as Declined.Jul 22 2017, 10:00 AM

This is an insufficient solution to a valid problem. Hence I am declining this task. Password strength nowadays is mostly defined by a minimum number of characters, requiring capital and non-capital case, numbers, other symbols, etc. Not by fiddling around with some blacklist.

Tgr added a subscriber: Tgr.Dec 4 2018, 10:56 PM

Password strength is totally defined with blacklists nowadays, but a wiki page is not sane storage for that. FWIW we now have a Composer package (wikimedia/password-blacklist) which packs the top 100K common passwords into a Bloom filter. See $wgPasswordPolicy on how to use it.

(Apologies for poking at old tasks but this is the top result when searching for "mediawiki password blacklist" so I figured it's helpful to have a pointer here.)