Mailing List Archive

Special:PasswordPolicies
Hi Everyone,

I was wandering through
https://www.cryptopp.com/wiki/Special:PasswordPolicies , which comes
from Mediawiki 1.38.2.

The first line for Autoconfirmed Users says:

Password must be at least 1 character long
(MinimalPasswordLength) (suggest change on login)

I think there are several problems with the page in general and text
in particular. First, a 1 character password is not really acceptable
in practice. It is probably time to increase the size of a minimum
password, to something like 16.

Second, the referenced variable, MinimalPasswordLength, is deprecated.
Or $wgMinimalPasswordLength is deprecated.
https://www.mediawiki.org/wiki/Manual:$wgMinimalPasswordLength

It might be a good idea for someone to visit the documentation for
Special:PasswordPolicies and maybe update it.

Jeff
_______________________________________________
MediaWiki-l mailing list -- mediawiki-l@lists.wikimedia.org
To unsubscribe send an email to mediawiki-l-leave@lists.wikimedia.org
https://lists.wikimedia.org/postorius/lists/mediawiki-l.lists.wikimedia.org/
Re: Special:PasswordPolicies [ In reply to ]
On Tue, 27 Sept 2022 at 16:48, Jeffrey Walton <noloader@gmail.com> wrote:

> I was wandering through
> https://www.cryptopp.com/wiki/Special:PasswordPolicies , which comes
> from Mediawiki 1.38.2.
>
> The first line for Autoconfirmed Users says:
>
> Password must be at least 1 character long
> (MinimalPasswordLength) (suggest change on login)
>
> I think there are several problems with the page in general and text
> in particular. First, a 1 character password is not really acceptable
> in practice. It is probably time to increase the size of a minimum
> password, to something like 16.
>

That is the default for unprivileged users, yes. The default for bots,
sysops, interface-admins, and bureaucrats is 10. Obviously each wiki's
sysadmins can set it whatever they like. Raising the default to some value
above 1 (before MW 1.27 in 2015 the default was 0) is a nice idea, though
potentially breaking a few users' set-ups. We raised it to 8 for Wikimedia
accounts years ago, so I'll propose this change for MW 1.40.

Second, the referenced variable, MinimalPasswordLength, is deprecated.
> Or $wgMinimalPasswordLength is deprecated.
> https://www.mediawiki.org/wiki/Manual:$wgMinimalPasswordLength
>
> It might be a good idea for someone to visit the documentation for
> Special:PasswordPolicies and maybe update it.
>

That's not a variable, it's the flag for wgPasswordPolicy. See
https://www.mediawiki.org/wiki/Manual:$wgPasswordPolicy for more details.

J.
--
*James D. Forrester* (he/him <http://pronoun.is/he> or they/themself
<http://pronoun.is/they/.../themself>)
Wikimedia Foundation <https://wikimediafoundation.org/>