Topic on Help talk:Login notifications

Password suggestions are a little misleading

Rugk (talk | contribs)

The suggestions in Help:Login notifications#Have a strong password are not really up-to-date.


You should not really emphasize the need for special characters or so. It is easy to mathematically calculate (see Wikipedia; n = length of password; k = character set to choose from) that longer passwords are much more secure than a same-length password with more special characters.


This also aligns with new policies by the NIST. See e.g. https://nakedsecurity.sophos.com/2016/08/18/nists-new-password-rules-what-you-need-to-know/

Vampire Michella100 (talk | contribs)

Wikipedia needs to change this.


They should at least use a password reset or security questions similar to Gmail or Facebook.

E.g.

If you remember the date you joined.

Identify the articles you've written.

OR

Then they give you a reset link with your E-Mail.

Rugk (talk | contribs)

Sorry, but no. This is exactly the wrong way and also included in the new NIST guidelines. "Knowledge-based authentication" is out as it is totally insecure. (One can just look on Facebook and see most of these things or so.)

And what articles you've written is public too, so you cannot authenticate with that…


This is really only about clarifying the paragraph there…
