On Thu, Aug 7, 2014 at 8:10 AM, Risker <[email protected]> wrote: > A lot of the "solutions" normally bandied about involve things like > two-factor identification, which has the "additional" password coming > through a separate route (e.g., gmail two-factor ID sends a second password > as a text to a mobile) and means having more expensive technology) or using > technology like dongles that cannot be sent to users in certain countries.
Actually, most modern internet implementations use the TOTP algorithm open standard that anyone can use for free. <https://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm> One of the most common methods, other than through text messages, is the Google Authenticator App that anyone can download for free on a smart phone. <https://en.wikipedia.org/wiki/Google_Authenticator>. I'm not sure we can make any of these extra protections *required* without a lot of discussion, but giving people the option will certainly help. Wikimedians are usually a pretty geeky and paranoid bunch, so I think a good amount of people would take advantage of additional security features. This is especially true given how many people use <https://en.wikipedia.org/wiki/Template:User_committed_identity> on enwiki, something I've never really understood the point of. :-) -- Casey Brown (Cbrown1023) caseybrown.org _______________________________________________ Wikitech-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikitech-l
