Page MenuHomePhabricator

Targeted forced password update
Open, MediumPublicFeature


Use case: Some security breach at some other company that results in usernames/emails and passwords and/or hashes exposed. Users tend to reuse passwords across sites, thus, the security of their mediawiki password could also be compromised.

Thus, we could get access to that list of emails and force a password reset on their account on their next login. We'd also probably want the maint script to send the user an email when we do this.

Version: unspecified
Severity: enhancement



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:22 AM
bzimport set Reference to bz66793.
bzimport added a subscriber: Unknown Object (MLST).

I think something like this was done in T56847

Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 12:23 PM
Aklapper removed a subscriber: wikibugs-l-list.