Change Details

**Author:** `mike.lifeguard+bugs` **Description:** Apparently Brion ran at least once a "password cracker" (http://meta.wikimedia.org/wiki/Talk:Stewards#Proposed_security_policy). While that's useful to identify vulnerable accounts, it is perhaps best to enforce minimum password strength from the get-go. This extension should have the ability to *force users to reset their password every X timespan *enforce minimum password length *enforce varying levels of password security by user group (ie admins have an intermediate level, stewards must have a high level) *bug 9838 Send notification to account owner on multiple unsuccessful login attempts *maybe other stuff I've not thought about -------------------------- **Version**: unspecified **Severity**: enhancement **See Also**: https://bugzilla.wikimedia.org/show_bug.cgi?id=44788 https://bugzilla.wikimedia.org/show_bug.cgi?id=25925

**Author:** `mike.lifeguard+bugs` **Description:** Apparently Brion ran at least once a "password cracker" (http://meta.wikimedia.org/wiki/Talk:Stewards#Proposed_security_policy). While that's useful to identify vulnerable accounts, it is perhaps best to enforce minimum password strength from the get-go. This extension should have the ability to *force users to reset their password every X timespan *enforce minimum password length *enforce varying levels of password security by user group (ie admins have an intermediate level, stewards must have a high level) *T11838 Send notification to account owner on multiple unsuccessful login attempts *maybe other stuff I've not thought about -------------------------- **Version**: unspecified **Severity**: enhancement **See Also**: {T46788} {T27925}

**Author:** `mike.lifeguard+bugs` **Description:** Apparently Brion ran at least once a "password cracker" (http://meta.wikimedia.org/wiki/Talk:Stewards#Proposed_security_policy). While that's useful to identify vulnerable accounts, it is perhaps best to enforce minimum password strength from the get-go. This extension should have the ability to *force users to reset their password every X timespan *enforce minimum password length *enforce varying levels of password security by user group (ie admins have an intermediate level, stewards must have a high level) *bug 9838*T11838 Send notification to account owner on multiple unsuccessful login attempts *maybe other stuff I've not thought about -------------------------- **Version**: unspecified **Severity**: enhancement **See Also**: https://bugzilla.wikimedia.org/show_bug.cgi?id=44788{T46788} https://bugzilla.wikimedia.org/show_bug.cgi?id=25925{T27925}