https://bugzilla.wikimedia.org/show_bug.cgi?id=66699
--- Comment #6 from Steven Walling <[email protected]> --- (In reply to Chris Steipp from comment #4) > My initial reaction is that for privileged accounts, 1 year sounds > excessive. But for normal accounts, this should be fine. > > When we're able to implement password length and https requirements per use > group, we may also customize this. Privileged users will definitely want this feature just as much as those without special permissions. Maybe even more, since they tend to be active more often. If we think privileged accounts need extra session security then we should enforce that through other means I think, like increased minimum password lengths/complexity, force use of HTTPS, and so on. From a design standpoint, changing the expected behavior (either the length of the cookie expiration or the visibility of the checkbox) depending on the user's permissions is awkward. It seems pretty likely to confuse or annoy users to have logins behave differently depending on account type/permissions. -- You are receiving this mail because: You are the assignee for the bug. You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
