2FA would be a big prevention of these problems. Allowing accounts to be handled through 3rd party services, such as GitHub, would also prevent it. GitHub already has 2FA available for logins.
On Wed, Nov 16, 2016 at 10:26 AM, Stas Malyshev <smalys...@wikimedia.org> wrote:

> Hi!
>
> > It would be good to run a password strength checker at login time as
> > well, as the software should, for a brief moment, have a copy of the
> > plaintext password that can be scanned, before it hashes it for checking
> > and forgets the plaintext.
>
> Another measure may be to have a bot that scans the accounts
> periodically (maybe for starters only on admin, etc. high privilege
> accounts) and alerts on weakly-passworded ones? We know bad (or at least
> greyhat) guys do that, so maybe to prevent it we should try using the
> same approach?
>
> --
> Stas Malyshev
> smalys...@wikimedia.org
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l@lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
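
The login-time strength check proposed in the quoted message, sketched as an added example that is not part of the thread and not MediaWiki code. The account store, function names, denylist and policy values are all hypothetical; the check runs only after the password verifies, so failed guesses learn nothing about password quality.

```python
import hashlib
import hmac
import os

# Constructed sample denylist; a deployment would load a large common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "wikipedia"}
MIN_LENGTH = 10  # assumed policy value

def hash_password(password, salt=None):
    """Salted PBKDF2 hash; returns (salt, digest)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def make_account(password, privileged=False):
    salt, digest = hash_password(password)
    return {"salt": salt, "hash": digest, "privileged": privileged, "must_reset": None}

def weakness(username, password):
    """Return a reason string if the password is weak, else None."""
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        return "common password"
    if username.lower() in lowered:
        return "contains username"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None

def login(accounts, username, password):
    """Verify credentials, then audit the plaintext while it is still in memory."""
    account = accounts.get(username)
    if account is None:
        return "denied"
    _, digest = hash_password(password, account["salt"])
    if not hmac.compare_digest(digest, account["hash"]):
        return "denied"
    reason = weakness(username, password)
    if reason:
        # Persist only the flag and reason, never the plaintext itself.
        account["must_reset"] = reason
        return "ok-reset-required"
    return "ok"
```
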