Page MenuHomePhabricator
Create Task
Maniphest T104371

Strengthen password policy for Stewards
Closed, ResolvedPublic
Actions

Description

After T94774, we can define password policies based on group membership.

Users in the Stewards group (https://meta.wikimedia.org/wiki/Special:GlobalGroupPermissions/steward) have access to interface editing globally, and are allowed to give themselves checkuser access. An account compromise could have a significant impact on the sites availability (adding slow/harmful javascript to the site), user privacy (checkuser, adding tracking code to the interface), and reputation (deliver browser exploits from our sites).

My proposal is setting an 8-byte minimum length (users will be prompted to change their password on login) in the near term, and then require 8-byte minimum passwords to login after users have had time to update their passwords.

Details

SubjectRepoBranchLines +/-
Set password policy for global steward groupoperations/mediawiki-configmaster+7 -0
Customize query in gerrit

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedKrenairT104371 Strengthen password policy for Stewards
 Resolved csteippT94774 Password policies by group

Event Timeline

csteipp created this task.Jun 30 2015, 6:56 PM
csteipp raised the priority of this task from to Needs Triage.
csteipp updated the task description. (Show Details)
csteipp added projects: Security-Team, Security-General.
csteipp added subscribers: Aklapper, csteipp, hoo.
csteipp mentioned this in T94774: Password policies by group.Jun 30 2015, 7:21 PM
Risker subscribed.Jun 30 2015, 7:48 PM
Teles subscribed.Jun 30 2015, 8:09 PM
Ricordisamoa subscribed.Jun 30 2015, 9:03 PM
Trijnstel subscribed.Jul 20 2015, 9:53 PM
Billinghurst subscribed.Sep 16 2015, 3:44 PM
Billinghurst added a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Sep 16 2015, 3:50 PM
MF-Warburg subscribed.Sep 16 2015, 6:35 PM
Luke081515 subscribed.Sep 17 2015, 2:43 PM
Glaisher added a project: Wikimedia-Site-requests.Sep 19 2015, 3:41 PM
Glaisher subscribed.
Restricted Application added a subscriber: Matanya. · View Herald TranscriptSep 19 2015, 3:42 PM
Glaisher moved this task from Backlog to Analysis / under discussion on the Wikimedia-Site-requests board.Sep 19 2015, 3:43 PM
MarcoAurelio subscribed.Sep 23 2015, 4:53 PM
Dzahn added a subtask: T94774: Password policies by group.Oct 16 2015, 9:34 PM
Liuxinyu970226 set Security to None.Oct 22 2015, 7:32 AM
Savh subscribed.Oct 26 2015, 4:57 PM
Legoktm added a project: Stewards-and-global-tools.Oct 27 2015, 4:57 PM
Bawolff mentioned this in T119100: Increase MinimalPasswordLength to 8 for several local and global groups.Dec 11 2015, 2:24 AM
Billinghurst unsubscribed.Dec 14 2015, 11:31 AM
Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptDec 14 2015, 11:31 AM
gerritbot subscribed.Dec 16 2015, 12:49 AM

Change 259439 had a related patch set uploaded (by CSteipp):
Set password policy for global steward group

https://gerrit.wikimedia.org/r/259439

gerritbot added a project: Patch-For-Review.Dec 16 2015, 12:49 AM
Trijnstel added a comment.Dec 18 2015, 2:29 PM

@csteipp: Any idea when this patch will go live? And could you please 'warn' us on time by sending an email to stewards-l via your wikimedia email address? Thanks! :)

csteipp added a comment.Dec 18 2015, 3:43 PM

@Trijnstel, we're now only doing critical deployments through the end of
the year, so the earliest I can deploy is the week of Jan 11th. I'll notify
the list at least a week in advance!

RuyP subscribed.Dec 29 2015, 9:54 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptDec 29 2015, 9:54 PM
Stryn subscribed.Jan 5 2016, 8:33 PM
Dereckson subscribed.EditedFeb 2 2016, 2:07 AM
In T104371#1890490, @csteipp wrote:

@Trijnstel, we're now only doing critical deployments through the end of
the year, so the earliest I can deploy is the week of Jan 11th. I'll notify
the list at least a week in advance!

@csteipp ping?

csteipp added a comment.Feb 9 2016, 4:29 PM

Thanks for the ping @Dereckson. I've scheduled this for deployment Evening SWAT tomorrow - https://wikitech.wikimedia.org/wiki/Deployments#Thursday.2C.C2.A0February.C2.A011

gerritbot added a comment.Feb 11 2016, 12:09 AM

Change 259439 merged by jenkins-bot:
Set password policy for global steward group

https://gerrit.wikimedia.org/r/259439

Krenair subscribed.Feb 11 2016, 12:13 AM

00:12:55 Synchronized wmf-config/CommonSettings.php: https://gerrit.wikimedia.org/r/#/c/259439/ (duration: 02m 20s)

Krenair closed this task as Resolved.Feb 11 2016, 12:35 AM
Krenair claimed this task.
Luke081515 moved this task from Analysis / under discussion to Done on the Wikimedia-Site-requests board.Mar 7 2016, 5:03 PM
MarcoAurelio moved this task from Untriaged to Closed on the Stewards-and-global-tools board.May 8 2016, 8:32 AM
MarcoAurelio removed a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Jan 11 2017, 11:39 PM
MarcoAurelio mentioned this in T197577: Increase password policies for the 'steward' group.Jun 18 2018, 9:32 AM
sbassett moved this task from Incoming to Our Part Is Done on the Security-Team board.Jun 11 2019, 7:18 PM
Zabe removed a project: Patch-For-Review.Feb 22 2022, 10:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy