https://bugzilla.wikimedia.org/show_bug.cgi?id=25925
--- Comment #11 from Matthew Flaschen <[email protected]> ---

I don't think we should guarantee that users with very weak passwords (say under 6 characters, but we could draw the line elsewhere) should be able to log in forever (without changing or resetting the password). It was a mistake to ever allow such passwords, but we don't need to keep perpetuating the mistake forever.

If we were to do this, though, we would want to clearly notify affected users ahead of time, particularly those without an email account (needed for reset). We could consider notifying them at login time for a certain period and/or requiring a password change, before blocking login/requiring reset.

Another option is to only make this change for users with elevated rights (e.g. admins).
