Help talk:Login notifications

Yes, I have a secure password, but how can I tell it wasn't breached later?

Shanen (talkcontribs)

Not a useful warning. Wikipedia should include or allow me to access enough information to assess what sort of attack it was. Let me offer three attack scenarios that I could distinguish between. (1) Trivial dictionary attack with nothing but my user name and some frequently used passwords. This would be especially harmless if it was part of a broad attack at many user names. (2) A targeted attack based on one of my actual passwords. This might be a highly personal phishing attack where some other system has been breached and that password is being tested against other systems I might be using. (3) The attack might be based on a breach of Wikipedia itself, where the password they are probing with is a partial match of my actual password. Obviously not a total breach, since that would have avoided any login failure, but perhaps something that allows them to guess highly likely passwords and the failures were incorrect confirmation attempts.

In addition to information about the nature of the login failures, something to help identify a successful breach would be helpful. Right now the only information that comes to mind would be a summary of my edits since the possible attack. I probably can't remember every edit I've made, but I almost surely could recognize weird patterns.

(Why did MediaWiki apparently log me out? Was that a security thing? Anyway, I don't see any reason not to put my identity on this suggestive feedback (?).)

Reply to "Yes, I have a secure password, but how can I tell it wasn't breached later?"

Trying to log in to Wikidata

79.182.37.52 (talkcontribs)

That's ridiculous, I am logged in to Commons and he.wiki. I was able to log in even though my password is only 9 characters, but now I can't do it.

Reply to "Trying to log in to Wikidata"
HastaLaVi2 (talkcontribs)

Hi, recently I have started to log into my account from a different PC. After the occasion, I kept getting notifications about someone successfully entering my ID and password. It happens every day and the notification won't go away, even though I click on it or check it to mark as read. It stays there with a gray number. It is really annoying. Can someone suggest anything?

Note: I do not want to change my password

NKohli (WMF) (talkcontribs)

Hi @HastaLaVi2. I'm sorry for the repeated notifications. This is a known bug and we are trying to solve it in task T174220. I'll let you know as soon as we fix it. Thank you.

80.42.193.41 (talkcontribs)

same here too drew270

NKohli (WMF) (talkcontribs)

This bug has now been fixed. If this happens to you again, please let me know. Thank you for your patience with this.

HastaLaVi2 (talkcontribs)

Yeah, no problem here anymore. Seems that it is ok, thank you.

The notifications should be more informative...

71.178.21.164 (talkcontribs)

...for example, the e-mail should say the IP address, the owner of the IP (based on a "whois" lookup) and the operating system that the user was on, and whether the login was successful or not. (The way that the message is worded, it sounds like the logins were successful, therefore, probably me! But this help article says that the feature is triggered for unsuccessful logins. Multiple unsuccessful logins should result in a message saying how many unsuccessful attempts there were.)

~~~~

42.3.134.250 (talkcontribs)

I think so.

SharabSalam (talkcontribs)
98.110.130.20 (talkcontribs)

I agree.

  • The IP address / location would be helpful. I'd like to verify the login attempts are not the result of something going wrong with one of my devices.
  • I'd like to understand whether the IP trying to log in eventually got blocked. Or are they allowed to continue trying to brute force their way into my account?

Hv (talkcontribs)

I agree that the number of attempts would be particularly useful, to distinguish between a serious attempt to crack and someone not sure if this was their account name.

Reply to "The notifications should be more informative..."
Drmies (talkcontribs)

Didn't we use to get an email that indicated the IP address from which login attempts were made? That was a very useful thing that helped weed out LTAs. A page teaching me about passwords is of no use.

Reply to "IP identification?"

How do I resolve this

187.123.38.181 (talkcontribs)

Can someone tell me why my account was cancelled

Reply to "How do I resolve this"

My account was cancelled and I don't know why

187.123.38.181 (talkcontribs)

Foram detectados problemas com a sua sessão; Esta ação foi cancelada como medida de proteção contra a interceptação de sessões. Experimente usar o botão "Voltar" e atualizar a página de onde veio e tente novamente.

Reply to "My account was cancelled and I don't know why"
Valereee (talkcontribs)

This says: The extension allows you to get an email when a user logs in successfully to your account from an unfamiliar device and IP.

What extension? It says it's on by default but doesn't tell me where to check. Like, are we talking Preferences>somewhere? On my home wiki, or somewhere global? It would be useful to explain this for those who, like me, are not as technically oriented, thanks!

Bubbabray33 (talkcontribs)

I agree, take me off as well

Reply to "Clarification needed"

Timing and extra information

Amire80 (talkcontribs)

I suspect that these notifications are shown a long time after the login attempt. Usually it's several hours, and sometimes it can be even several days. This misses the point of the notification. To be useful it's supposed to arrive after several seconds and not several hours. Sometimes I type my password incorrectly by mistake, and receive a notification after a long time. If I happen to remember that I mistyped the password, it's kind of OK, but it's not so robust. And when I don't remember if I mistyped it, I have to wonder: did I mistype it several days ago and forgot it, or was there an actual attempt to crack my account?

Other applications send such notifications instantly. Google and PayPal are obvious examples. They also show information about the attempt, such as country and device brand. So if it was an Android phone (which I own) from Israel (where I live), then it's less likely (though still possible) that it's a cracking attempt, and if it's a Windows device in Vietnam (this actually happened), then it may be a cracking attempt. I'm really, really not a security expert, but from the little I do know, these MediaWiki notifications are too slow and contain too little information to be really useful for security.

Reply to "Timing and extra information"

Why do these messages sometimes show the IP and sometimes not?

Deb (talkcontribs)

Apparently there have been 42 attempts to log into my account from other devices in the past 24 hours. Why is it that, when someone asks for a password change, we are told the IP address they tried it from, but when they make an attempt from another device, we can't get this information?

186.145.113.176 (talkcontribs)

Because one was started from the cell phone and the other from the laptop

Deb (talkcontribs)

I don't see how that's an answer. Every device has an IP address. ~~~~

Ciencia Al Poder (talkcontribs)

This has been requested at task T174388. Feel free to subscribe to that task to get updates.

Reply to "Why do these messages sometimes show the IP and sometimes not?"