What is the problem?
The Security team would like to increase the minimum requirements for all new Wikimedia accounts in addition to the password requirements for all users holding administrator permissions. We feel very confident that our proposed changes are low-risk, high-impact but are open to altering the requirements based on strong community consensus. The current minimum requirements are at Special:PasswordPolicies.
What does success of this task look like? How do we know when we are done?
The proposed changes to the minimum password requirements (or a near-variation of) are live on production for all Wikimedia wikis.
Is there any goal, program, project, team related with this request?
- No Phabricator tasks have been created yet, to my knowledge.
- This is a request from the Security team that will most likely built by the Anti-Harassment tools team, with @TBolliger (me) as Product Manager.
What is your expected timeline from start to end? Is there a hard deadline?
The deadline is not hard, but here is a rough proposed schedule of work:
- October — Get a Community Liaison to perform on-wiki communication.
- October (or whenever the Security team’s blog post goes live) — begin on-wiki communication
- October — create Phabricator tasks and other needed documentation
- November — AHT developers to estimate the work for this project
- Development to occur at natural stopping point of AHT’s current project of ‘Partial Blocks’
Please list the subtasks that you would need a Specialist to perform.
- Create or help Product Manager create & maintain a project page
- Determine breadth of this consultation and how to best present this work to our users
- Make announcements to stimulate discussion & participation
- Triage comments/questions/etc. in on-wiki discussion — either responding directly or handing off to Product Manager, Security team, or engineer.