https://en.wikipedia.org/wiki/Wikipedia:Security_review_RfC
Results:
[] Length increase to 6 bytes
[] Length increase to 8 bytes
[] Uncommon passwords
[] Add a password strength bar to the "Create account" page
[] Password requirements for Crats, Stewards and Founder groups
[] Password requirements for Functionary group
[] Password requirements for Administrator group
[] Password requirements for Edit Filter Manager group
[] Regular audits for Functionary group
[] Regular audits for Administrator group
Of these
* Increasing the password length is to 8 bytes and requiring uncommon passwords are easy: {T119100}
** Since policies are group based, we'll apply the settings to the local enwiki groups: sysops, bureaucrat, steward, and founder
* Adding a password strength meter is a good idea, but will require some development work
* Regular audits will take some work to get setup