https://bugzilla.wikimedia.org/show_bug.cgi?id=25925
Daniel Friesen <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mediawiki-bugs@nadir-seen-fire.com

--- Comment #16 from Daniel Friesen <[email protected]> ---
Our rationale for keeping the behaviour where we lock people out of their account simply by trying to require new passwords to be sane smells a little like BS.

From the looks of it so far the only rationale put forward is "because r9312 did it". And r9312's rationale looks like "Since we can't stop passwords below the minimum length being saved in 3rd party auth systems, we'll just not permit users to login instead."

Which frankly doesn't fit right now, since this feature that is supposed to protect us from 3rd party auth plugins is taking effect when absolutely no such auth system is in use. And instead of protecting users it's preventing us from gracefully migrating to a better default password strength.

At the very minimum this feature should have a way of disabling it so that wikis can migrate users.

And as a footnote, I think the default minimum for MW should be at the very least 6, although 8 may be a little more sane.
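The difference between the two behaviours debated in this comment, as an added example that is not part of the bug report and is not MediaWiki code: a minimum length checked at login locks out an account whose stored password predates the new minimum, while a check applied only when a password is set lets the user authenticate and then forces a change. Every name below, the `MIN_LENGTH` value and the "change required" flow are assumptions made for illustration.

```python
# Added illustration; not MediaWiki code. All names here are hypothetical.
import hashlib
import hmac
import os
from dataclasses import dataclass

MIN_LENGTH = 8  # assumed new minimum; the comment suggests at least 6, maybe 8

def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass
class Account:
    salt: bytes
    digest: bytes
    must_change: bool = False

def create_legacy(password: str) -> Account:
    """Account stored before the minimum was raised: no length check applied."""
    salt = os.urandom(16)
    return Account(salt, _digest(password, salt))

def _matches(acct: Account, password: str) -> bool:
    return hmac.compare_digest(acct.digest, _digest(password, acct.salt))

def login_strict(acct: Account, password: str) -> str:
    """Length policy enforced at login: a correct short password is refused."""
    if len(password) < MIN_LENGTH:
        return "rejected"
    return "ok" if _matches(acct, password) else "rejected"

def login_graceful(acct: Account, password: str) -> str:
    """Authenticate first, then flag short passwords for a forced change."""
    if not _matches(acct, password):
        return "rejected"
    if len(password) < MIN_LENGTH:
        acct.must_change = True
        return "ok-change-required"
    return "ok"

def set_password(acct: Account, new_password: str) -> bool:
    """The only place the minimum is enforced in the graceful model."""
    if len(new_password) < MIN_LENGTH:
        return False
    acct.salt = os.urandom(16)
    acct.digest = _digest(new_password, acct.salt)
    acct.must_change = False
    return True
```
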
