Topic on Help talk:Login notifications

Add instructions on what to do if you already have a strong password

GPHemsley (talkcontribs)

The section on "What should I do?" tells you that you should have a strong password, but it doesn't tell you what to do if you already do. Even a mention of "that's it" would be good.

DannyH (WMF) (talkcontribs)

Thanks for the idea. I added this sentence: "Even if you do have a strong password, you may want to change passwords anyway, if you suspect that someone else has tried to access your account."

Do you think that's helpful?

GPHemsley (talkcontribs)

I think that's helpful, but I don't think it fully addresses my concern: Basically, ensuring you have a strong password is the only action you can take as a user who is receiving these notifications. That point should be made explicit, I think, or else the user will be left asking "OK, now what?"

DannyH (WMF) (talkcontribs)

Hmm, what would you suggest?

GPHemsley (talkcontribs)

I'm not sure, as I don't have a full understanding of what causes these notifications. Jumping off from some other threads here, maybe a suggestion as to the possibility that your devices are attempting to log in for you while you are traveling?

Alexis Wilke (talkcontribs)

I think that the current sentence is very misleading.

"Even if you do have a strong password, you may want to change passwords anyway, if you suspect that someone else has tried to access your account."

Someone who already has a strong password will not in any way benefit from changing their password unless they already got hacked.

Also, it probably shouldn't be plural? (passwordS?!) Or does Wikipedia support a multi-password login mechanism?

There was a paper out there about this very topic but I can't find it now. I probably have a copy on my drive, somewhere, but with a good 1 TB of data... Oh well. Anyway, the definition of a "strong password" is also extremely blurry. A very long passphrase can be a lot better than a "super complicated" 8-char password.

Klaas van Buiten (talkcontribs)

Thanks for warning me, but to contact me this way every time I make a typo in my password is an exaggeration we do not like. Some people may get scared to death (sorry for doing the same LOL) or insulted by thinking "I know my password is so strong that I mistype it myself sometimes".

Kind regards from (temporary) Egmond aan Zee, Klaas `Z4` V:  07:00, 4 May 2018 (UTC)

Klaas van Buiten (talkcontribs)

BTW: can you tell me what IP-address tried to enter in a WMF-site in my (user)name? Klaas `Z4` V:  07:16, 4 May 2018 (UTC)

DannyH (WMF) (talkcontribs)

Hi KlaasZ4usV -- over the last day, there was a large-scale attempt to break into random Wikipedia accounts. The vast majority were unsuccessful, and the Wikimedia Foundation's security team has stopped the attacks and communicated with the small number of people whose accounts may have been compromised.

There's more information in this post by the Director of Security on the Wikimedia-L mailing list.
