Page MenuHomePhabricator
Create Task
Maniphest T208441

👩‍👦‍👦 AHT password strengthing work, 2018/19
Closed, ResolvedPublic
Actions

Description

Make the passwords for new Wikimedia accounts and all admin accounts more secure. See the subtasks for more info.

Details

SubjectRepoBranchLines +/-
Require passwords do not match account names for all usersoperations/mediawiki-configmaster+2 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

TBolliger created this task.Oct 31 2018, 4:47 PM
Restricted Application added subscribers: MGChecker, Aklapper. · View Herald TranscriptOct 31 2018, 4:47 PM
TBolliger added a subtask: T205931: Specialist support for 2018/19 password strengthening project.Oct 31 2018, 4:47 PM
TBolliger added a subtask: T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10).
TBolliger added a subtask: T208065: Technical investigation for password changes.
TBolliger added a subtask: T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config.
Framawiki subscribed.Oct 31 2018, 7:44 PM

Related: T197577: Increase password policies for the 'steward' group and others

TBolliger added a comment.Oct 31 2018, 9:56 PM
In T208441#4710847, @Framawiki wrote:

Related: T197577: Increase password policies for the 'steward' group and others

Yeah, good catch. Makes sense to bump this one up too. I forget, though... do Stewarts also need 2FA? If so, the length is less of an issue.

TBolliger edited projects, added Anti-Harassment (AHT Sprint 33); removed Anti-Harassment.Nov 19 2018, 9:24 PM
TBolliger moved this task from Ready to Archive of tickets closed outside this sprint, but need someplace to go on the Anti-Harassment (AHT Sprint 33) board.
TBolliger edited projects, added Anti-Harassment; removed Anti-Harassment (AHT Sprint 33).Nov 19 2018, 9:37 PM
AfroThundr3007730 subscribed.Nov 23 2018, 11:45 PM
JBennett subscribed.Nov 27 2018, 1:46 PM
In T208441#4711167, @TBolliger wrote:
In T208441#4710847, @Framawiki wrote:

Related: T197577: Increase password policies for the 'steward' group and others

Yeah, good catch. Makes sense to bump this one up too. I forget, though... do Stewarts also need 2FA? If so, the length is less of an issue.

We recently requested stewards add 2FA. Most have it now.

MarcoAurelio subscribed.Nov 29 2018, 5:46 PM
Rschen7754 subscribed.Dec 5 2018, 4:51 AM
TBolliger mentioned this in T211621: The 'your password is weak' message should display on log in for privileged accounts only.Dec 10 2018, 7:45 PM
TBolliger created subtask T211622: Change password length requirement and ensure enforcement for non-privileged users (from 1 to 8).Dec 10 2018, 7:51 PM
TBolliger moved this task from Product/Tech backlog to Snackbox on the Anti-Harassment board.Dec 12 2018, 8:53 PM
TBolliger closed subtask T208246: Change password length requirement and ensure enforcement for privileged users (from 8 to 10) as Resolved.Dec 14 2018, 12:01 AM
gerritbot subscribed.Dec 14 2018, 12:01 AM

Change 479572 had a related patch set uploaded (by Jforrester; owner: Jforrester):
[operations/mediawiki-config@master] Require passwords do not match account names for all users

https://gerrit.wikimedia.org/r/479572

gerritbot added a project: Patch-For-Review.Dec 14 2018, 12:01 AM
TBolliger removed a project: Patch-For-Review.Dec 14 2018, 12:02 AM
CKoerner_WMF closed subtask T205931: Specialist support for 2018/19 password strengthening project as Resolved.Dec 19 2018, 5:37 PM
gerritbot added a comment.Jan 9 2019, 2:19 AM

Change 479572 abandoned by Jforrester:
Require passwords do not match account names for all users

Reason:
Already set through MW itself.

https://gerrit.wikimedia.org/r/479572

TBolliger moved this task from Snackbox to Cards ready for development on the Anti-Harassment board.Jan 30 2019, 10:38 PM
TBolliger moved this task from Cards ready for development to Dalet — ד on the Anti-Harassment board.Feb 13 2019, 7:50 PM
TBolliger edited projects, added Anti-Harassment (Dalet — ד); removed Anti-Harassment.
TBolliger edited projects, added Anti-Harassment (He — ה); removed Anti-Harassment (Dalet — ד).Feb 27 2019, 7:57 PM
TBolliger edited projects, added Anti-Harassment (Vav — ו); removed Anti-Harassment (He — ה).Mar 13 2019, 7:07 PM
TBolliger closed subtask T211621: The 'your password is weak' message should display on log in for privileged accounts only as Resolved.Mar 15 2019, 5:20 PM
Niharika changed the status of subtask T211622: Change password length requirement and ensure enforcement for non-privileged users (from 1 to 8) from Stalled to Open.Mar 17 2019, 6:23 PM
dmaza closed subtask T211622: Change password length requirement and ensure enforcement for non-privileged users (from 1 to 8) as Resolved.Mar 25 2019, 6:41 PM
Niharika closed this task as Resolved.Mar 25 2019, 7:19 PM
Niharika claimed this task.
Niharika triaged this task as Medium priority.
Niharika subscribed.

Looks like AHT work on this is complete.

Niharika removed Niharika as the assignee of this task.Mar 25 2019, 7:30 PM
Reedy mentioned this in T231360: Disable PasswordCannotBePopular in wmf production.Aug 27 2019, 5:02 PM
Jdforrester-WMF closed subtask T151425: Enlarge Popular Password File to 100,000 entries and enforce the new minimum in the config as Resolved.Sep 5 2019, 11:10 PM
Tgr mentioned this in T289799: [REQUEST] Investigate decrease in New Registered Users.Sep 30 2021, 4:30 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL