https://bugzilla.wikimedia.org/show_bug.cgi?id=25925
--- Comment #27 from MZMcBride <[email protected]> --- (In reply to comment #25) > * With our rate limits what they are, you can actually brute force > single-character passwords (15-30 mins each, before you optimize for user > bias in choosing the single digit) faster than the creation rate limits > (4-6/day for most wikis). So spammer wants some accounts? Why wouldn't the wannabe spammer just edit logged out? Or make their own accounts? The effort required to bypass the account creation restrictions is surely lower than the effort required to brute-force random accounts. > * Editors get in an edit dispute, one editor brute forces the other's login, > vandalizes, gets the other person blocked. You're certainly getting more creative, but this still comes down to user choice regarding account security. And this scenario seems to be fairly far-fetched and still not worth the inconvenience. -- You are receiving this mail because: You are the assignee for the bug. You are watching all bug changes. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
