Page MenuHomePhabricator
Create Task
Maniphest T184208

Security checkup/reminder for verifying email and authentication details
Open, MediumPublic
Actions

Description

(the below idea is based on an idea raised on hewiki WP:VP)
Many websites have regular security checkups - reminding users to verify their preferences, e.g something as "is your password strong enough? if you loose your password, would you be able to recover it? did you verify your email? is your email still valid? Would you like to enable 2 factors authentication?"

This is especially important for the following scenarios:

  • new users getting registered and forgetting to fill/verify their email. Shortly afterwards, they forget their password and need to create new account. If they decided to not fill email, they should be aware that it isn't possible to recover the password (so they should either fill it or backup their password)
  • users setting easy password on first signup (the potential damage of the password being lost/stolen is small), and as they get more trusted and more user rights they are not aware to the importance of replacing to strong password

I suggest to have such reminder in the following milestones:

  • Shortly after user get registered (1 edit? 10th edit? 4 days on auto promote to auto-confirmed?)
  • Whenever a user-right change (getting more rights => more potential damage)

Related Objects
Search...

Event Timeline

eranroz created this task.Jan 4 2018, 7:19 PM
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptJan 4 2018, 7:19 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
eranroz added a subtask: T58028: Show Echo web notification (asking users to consider providing an email) to users who don't have an e-mail address associated with their account.Jan 4 2018, 7:21 PM
eranroz added a subtask: T58074: Remind users who have entered an email address, but haven't confirmed it.
Catrope added subscribers: Bawolff, Reedy, Catrope.Jan 9 2018, 7:09 PM

Is the Security team interested in working on this? @Reedy @Bawolff (sorry for the individual pings, I couldn't find a tag for the security team itself).

Catrope moved this task from Untriaged to External on the Collaboration-Team-Triage board.Jan 9 2018, 7:23 PM
Bawolff added a project: Security-Team.Jan 9 2018, 7:25 PM
Restricted Application added a project: Growth-Team. · View Herald TranscriptAug 28 2018, 12:59 PM
chasemp triaged this task as Medium priority.Sep 4 2018, 4:04 PM
chasemp edited projects, added Security-team-backlog; removed Security-Team.
chasemp subscribed.
In T184208#3887593, @Catrope wrote:

Is the Security team interested in working on this? @Reedy @Bawolff (sorry for the individual pings, I couldn't find a tag for the security team itself).

poke @Reedy or @Bawolff

Phabricator_maintenance added a project: acl*security.Sep 20 2018, 9:15 AM
Aklapper removed a project: Security-General.Dec 13 2019, 10:46 AM
chasemp edited projects, added Security-Team; removed Security-team-backlog.Dec 23 2019, 5:12 PM
chasemp moved this task from Incoming to Back Orders on the Security-Team board.
chasemp added a project: Security.Feb 10 2020, 10:58 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:07 PM
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 6:56 PM
Aklapper removed a project: Collaboration-Team-Triage.May 25 2021, 9:09 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits