**Author:** `mike.lifeguard+bugs`
**Description:**
Apparently Brion ran at least once a "password cracker" (http://meta.wikimedia.org/wiki/Talk:Stewards#Proposed_security_policy). While that's useful to identify vulnerable accounts, it is perhaps best to enforce minimum password strength from the get-go.
This extension should have the ability to
*force users to reset their password every X timespan
*enforce minimum password length
*enforce varying levels of password security by user group (ie admins have an intermediate level, stewards must have a high level)
*bug 9838 Send notification to account owner on multiple unsuccessful login attempts
*maybe other stuff I've not thought about
--------------------------
**Version**: unspecified
**Severity**: enhancement
**See Also**:
https://bugzilla.wikimedia.org/show_bug.cgi?id=44788
https://bugzilla.wikimedia.org/show_bug.cgi?id=25925