On Sat, Feb 8, 2014 at 8:14 AM, Brian Wolff <[email protected]> wrote:
> On 2/7/14, Steven Walling <[email protected]> wrote:
> > I feel like I should reiterate why I proposed this change. Maybe no one cares, but I think it might help convince folks this is NOT an argument for "let's reduce user freedom in the name of security."
> >
> > I didn't work on the RFC because I love tinkering with password security in my spare time and know lots about it. Far from it. I did it because I think we're failing MediaWiki users on *all installations* by inviting them to sign up for an account, and then failing to set default requirements that help them adequately secure those accounts. Users tend to follow defaults and do the minimum effort to reach their goals -- in this case to sign up and then get editing. It's our job as the MediaWiki designers and developers to set good defaults that encourage account security without being excessively annoying.
> >
> > In addition to just being sane about security defaults, there is more. Allow me to wax poetic a moment... If you can edit anonymously, why do we allow and encourage registration at all? Many reasons of course, but one of them is because it is a rewarding experience to have a persistent identity on a wiki. We all know how real that identity becomes sometimes. When I meet Krinkle or MZMcBride in real life, I don't call them Timo and Max. Or if I do, I don't think of them as those names in my head.
> >
> > When wiki users start an account, they might think that they are just creating something unimportant. They may actually have bad intentions. But part of this is that we're offering people an account because it gives them a chance to be recognized, implicitly and explicitly, for the work they do on our wikis.
> >
> > I think setting a default of 1 character passwords required doesn't reinforce the idea that an account is something you might actually come to cherish a bit, and that it might even represent you in some important way to others. By signaling to new users that an account is so worthless that it's cool if you have a one character password... well, is that really such a good thing?
> >
> > On Thu, Feb 6, 2014 at 5:44 PM, MZMcBride <[email protected]> wrote:
> >
> >> P.S. I also casually wonder whether there's a reasonable argument to be made here that requiring longer passwords will hurt editor retention more than it helps, but this thought is still largely unformed and unfocused.
> >>
> >
> > I think that's a canard. There are many, many sites that do not have user acquisition or retention problems, while also having sane password length requirements. Yes, this is a potential extra roadblock, which may slightly reduce conversion rates on the signup form by slowing people down. However, one of the clear arguments in favor of doing this now (as opposed to, say, back in 2001) is that users will largely expect an account on a popular website to require them to have a password longer than 1 character.
> >
> > If we really are scared about the requirements in our signup form driving people away from editing, we can make many user experience improvements that would, like every other site, offset the terrible awful horrible evil of requiring a six character password. I'd be happy to list specifics if someone wants, but this email is already too long.
> >
> > Steven
> > _______________________________________________
> > Wikitech-l mailing list
> > [email protected]
> > https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
> Thanks for the background, I think it's important to know the "why" for a change, not just a what.
>
> However it doesn't address what I see as the main concern being raised about this proposal - the lack of a threat model. Who is the enemy we're concerned about breaking into accounts? What are the enemy's resources? Anything done for security should be in reference to some sort of threat model. Otherwise we will probably end up implementing security that does not make sense, things that protect one aspect without protecting the important aspect, etc.
>
> Well, most people think having distinct identities on wiki is important; what we need to protect them from is going to vary wildly from person to person. It wouldn't surprise me if the hard-core SoftSecurity people would argue for an honour system...

Totally agree, and I added a first pass for it at https://www.mediawiki.org/wiki/Requests_for_comment/Passwords#Threats

> > Users tend to follow defaults and do the minimum effort to reach their goals -- in this case to sign up and then get editing.
>
> 'password' is probably less secure than most one letter passwords.
>
> --bawolff
>
> p.s. I don't think stronger password requirements will have much of an effect on user retention assuming the requirements aren't insane (e.g. don't require a password min 9 max 13 characters long with exactly 7 symbols and no more than 2 numbers)
