Help talk:Login notifications


Login successful and phishing

Summary by NKohli (WMF)

Unrelated to the extension.

2800:A4:2241:8400:501F:E115:8115:1B00 (talkcontribs)

What should we do if we can't log in anymore because phishing has been successful? Thanks

NKohli (WMF) (talkcontribs)

The notifications should be more informative...

3 (talkcontribs)

...for example, the e-mail should say the IP address, the owner of the IP (based on a "whois" lookup) and the operating system that the user was on, and whether the login was successful or not. (The way that the message is worded, it sounds like the logins were successful, therefore, probably me! But this help article says that the feature is triggered for unsuccessful logins. Multiple unsuccessful logins should result in a message saying how many unsuccessful attempts there were.)

~~~~ (talkcontribs)

I think so.

SharabSalam (talkcontribs)
Reply to "The notifications should be more informative..."

Trying to log in to Wikidata

1 (talkcontribs)

That's ridiculous, I am logged in to Commons and I was able to log in even though my password is only 9 characters, but now I can't do it.

Reply to "Trying to log in to Wikidata"

Password suggestions are a little misleading

Rugk (talkcontribs)

The suggestions in Help:Login notifications#Have a strong password are not really up-to-date.

You should not really emphasize the need of special characters or so. It is easy to mathematically calculate (see Wikipedia; n=length of password; k=character set to choose from) that longer passwords are much more secure than a same-length password with more special characters.

This also aligns with new policies by the NIST. See e.g.

Vampire Michella100 (talkcontribs)

Wikipedia needs to change this.

They should at least use a password reset or security questions similar to Gmail or Facebook.


If you remember the date you join.

Identify the articles you've written.


Then they give you a reset link with your E-Mail.

Rugk (talkcontribs)

Sorry, but no. This is exactly the wrong way and also included in the new NIST guidelines. "Knowledge-based authentication" is out as it is totally insecure. (one can just look on Facebook and see most of these things or so.)

And what articles you've written is public too, so you cannot authenticate with that…

This is really only about clarifying the paragraph there…

Reply to "Password suggestions are a little misleading"

Reword the subject of the email about new login

Kaartic (talkcontribs)

For me the email subject reads "Login to MediaWiki as Kaartic from a computer you have not recently used". I guess using the generic word device might be a better alternative for computer. So the message would read "Login to MediaWiki as Kaartic from a device you have not recently used".

Just a suggestion :-) BTW, I'm not sure whether this is the perfect place to suggest this ;-)

NKohli (WMF) (talkcontribs)

Isn't a phone a computer too? ;)

But I get your point. Thanks for the suggestion. I'll look into updating it.

Kaartic (talkcontribs)

Not many people consider their mobile to be a computer though technically it can be called one. Also, I've seen the usage of the term "device" in messages like this by other services like Gmail so I thought it would be better to be consistent.

I do get that you get my point. Just adding some reason as to why I was suggesting this. :)

Cannot mark the notification as read.

Summary by NKohli (WMF)


Igusarov (talkcontribs)

Dear developers,

I'm getting lots of notifications along the lines of "login from unknown device". I strongly believe these notifications are false alarms, so I'm trying to ignore them all. Unfortunately, sometimes it's impossible to mark a notification 'read'.

Imagine: I log in to my account on and see the "1" marker against the web notification bell icon. Ok, I open the notification list just to see that it was yet another message "someone (probably you) etc.etc.". So I click the blue dot next to the message and the dot changes to hollow grey. I may click "mark every message read" as well - the outcome would be the same. Thus far everything is good (but annoying). The problem is that if I refresh the page or go to another wiki page, the notification would reappear again. And it wouldn't go off no matter what I do (log out, restart the browser, reboot the tablet, disable these notifications in my user settings).

Please help: what should I do to get rid of it?


Geographyinitiative (talkcontribs)

I am experiencing the same problem as Igusarov. 4 months ago, I got a message saying 'There has been a failed attempt to log in to your account from a new device. Please make sure your account has a strong password.' I can't get rid of it- I log in every day to see a little grey "1" next to the bell symbol at the top of the page.

Kaartic (talkcontribs)

> I can't get rid of it- I log in every day to see a little grey "1" next to the bell symbol at the top of the page.

There is actually a way (2, to be precise) to dismiss it. It's sort of a workaround. You can dismiss it by clicking on the "blue dot" found near the notification (This actually works for any notification). Also, you could dismiss the offending notification by visiting Special:Notifications in the appropriate wiki and click on the "Mark group as read" button when you're in "All" section.

NKohli (WMF) (talkcontribs)
Geographyinitiative (talkcontribs)

I solved the problem using the blue dot method. Thanks!

NKohli (WMF) (talkcontribs)

This bug has now been fixed. If this happens to you again, please let me know. Thank you for your patience with this.

Igusarov (talkcontribs)

Thank you for fixing the bug!

I haven't seen such notifications in quite a long while.

Add language in the email with the title "Failed attempt to log in to Wikipedia as X"

Jona (talkcontribs)

This is not really a discussion, it is more a feature request but I posted here to guide me to the creation of the feature request if relevant.

I have a unified login. I get the email with title "Failed attempt to log in to Wikipedia as X" in multiple languages. When it comes from a language that I'm not sure I recognize, I would like to have a hint from which Wikipedia the message comes. So far, I have to hover the "change password" link to see that the url is

I suggest to improve the message saying : "Failed attempt to log in to Wikipedia (xx) as X".

Reply to "Add language in the email with the title "Failed attempt to log in to Wikipedia as X""

Got a successful login mail although I did not enable that feature?

Rugk (talkcontribs)

I got this thing described here as a mail yesterday: Help:Login_notifications#Successful_logins

I may have logged in yesterday, that may be correct. However, I am not aware that I have ever opted-in/enabled that feature… (I also did not get it from any other wiki yet.)

Maybe this was a false-positive. I do not even know, where I could enable/disable that feature (although you possibly could document that here). And after logging in again now for posting this, I also did not get any mail.

NKohli (WMF) (talkcontribs)

Hi @Rugk! This feature is enabled for all users by default as a security measure. You can disable it in your Special:Preferences under the "Notifications" tab. If you use multiple wikis, you can disable it in your Global Preferences (also under Special:Preferences).

Notifications are only sent for logins from unknown devices or IP addresses. Once the system knows about that device or IP address, it no longer sends notifications for new logins from those devices.

Rugk (talkcontribs)

Okay, thanks. Also explained in the entry, I did not notice that… sorry.

NKohli (WMF) (talkcontribs)

Perfectly fine! :)

Otr500 (talkcontribs)

It seems everyone will gripe when something (perceived) "goes against the grain". I was hacked on a major website (the incident made national news) that involved a loss of money (that was replaced) so I would like to say thanks for the effort. I do not have to read between the lines to understand "IF" I attempted to log in and for 1000 reasons: Like missing a button with my tired eyes, forgot I changed the password, and because of a brain-fart, repeated the error, then hit the wrong button again, or logged in from an unknown browser or phone (etc...), I pretty much will know it is me that did this and can just ''ignore the message''. On the other hand; if it was not me (or my wife) then maybe it could have been a "hack attack". I am glad I get the notices (happened today) and can put up with some redundant messages, so thanks. Otr500 (talk) 23:09, 29 September 2018 (UTC)

Bjs (talkcontribs)

Hi Otr500, you describe the case when someone fails to log in. In that case, I fully agree with your opinion. The base of the present thread, however, is a case in which you receive such a message every time you successfully log in, only because the server does not remember, due to any reason such as problems with cookies, that you have already logged in from the same device. However, in the past six months, this happened only once or twice to me so that I think the underlying problem has been solved.

Reply to "Praises"
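
The behaviour discussed in the replies above (a notification only for a login from an unknown device or IP address, and the repeated-notification case when the cookie is lost) can be modelled as follows. This is an added illustration, not the extension's code: `KnownLoginTracker`, `record_login`, `demo`, the random cookie token and the rule that a login counts as known when either the device or the IP matches are all assumptions of this sketch.

```python
import hashlib
import secrets


class KnownLoginTracker:
    """Simplified model: notify only when neither device nor IP is known."""

    def __init__(self):
        self._known_ips = {}      # user -> set of IP strings seen before
        self._known_devices = {}  # user -> set of SHA-256 digests of cookie tokens

    @staticmethod
    def _digest(token):
        # Store only a digest so the server-side record cannot be replayed as a cookie.
        return hashlib.sha256(token.encode()).hexdigest()

    def record_login(self, user, ip, device_token=None):
        """Record a successful login; return (notify, device_token_to_set)."""
        ips = self._known_ips.setdefault(user, set())
        devices = self._known_devices.setdefault(user, set())

        known_device = (device_token is not None
                        and self._digest(device_token) in devices)
        known_ip = ip in ips
        notify = not (known_device or known_ip)

        if not known_device:
            # Unknown or missing cookie: issue a fresh token for this browser.
            device_token = secrets.token_hex(16)
            devices.add(self._digest(device_token))
        ips.add(ip)
        return notify, device_token


def demo():
    """Constructed sequence of logins (documentation-range IPs)."""
    t = KnownLoginTracker()
    out = []
    n, cookie = t.record_login("Example", "192.0.2.10")            # first login
    out.append(n)
    n, cookie = t.record_login("Example", "198.51.100.7", cookie)  # new IP, same browser
    out.append(n)
    n, _ = t.record_login("Example", "198.51.100.7")               # cookie lost, known IP
    out.append(n)
    n, _ = t.record_login("Example", "203.0.113.5")                # cookie lost, new IP
    out.append(n)
    return out


if __name__ == "__main__":
    print(demo())
```

The last case in `demo` is the false alarm described in this thread: the same person on the same device is reported as new because the cookie was not kept and the IP address changed.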

I am tired of these notifications

HastaLaVi2 (talkcontribs)

Hi, recently I have started to log into my account from a different PC. After the occasion, I kept getting notifications about someone successfully entering my ID and password. It happens every day and the notification won't go away, even though I click on it or check it to mark as read. It stays there with gray number. It is really annoying. Can someone suggest anything?

Note: I do not want to change my password

NKohli (WMF) (talkcontribs)

Hi @HastaLaVi2. I'm sorry for the repeated notifications. This is a known bug and we are trying to solve it in task T174220. I'll let you know as soon as we fix it. Thank you.

(talkcontribs)

same here too drew270

NKohli (WMF) (talkcontribs)

This bug has now been fixed. If this happens to you again, please let me know. Thank you for your patience with this.

HastaLaVi2 (talkcontribs)

Yeah, no problem here anymore. Seems that it is ok, thank you.

Reply to "I am tired of these notifications"