Page MenuHomePhabricator

Targeted forced password update
Open, MediumPublic

Description

Use case: Some security breach at some other company that results in usernames/emails and passwords and/or hashes exposed. Users tend to reuse passwords across sites, thus, the security of their mediawiki password could also be compromised.

Thus, we could get access to that list of emails and force a password reset on their account on their next login. We'd also probably want the maint script to send the user an email when we do this.


Version: unspecified
Severity: enhancement

Details

Reference
bz66793

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 3:22 AM
bzimport set Reference to bz66793.
bzimport added a subscriber: Unknown Object (MLST).

I think something like this was done in T56847