→‎Password security tips: rm extraneous fluff
m Reverted edit by 5.116.126.28 (talk) to last version by ThaddeusSholto
(373 intermediate revisions by more than 100 users not shown)
Line 1: Line 1:
<noinclude>{{pp-move-indef}}</noinclude>
{{proposed| [[WP:SECURITY]]|WP:PASSWORD}}
{{redirect|WP:PASSWORD|the policy on password strength|:meta:Password policy}}
'''Security''' on Wikipedia refers to the methods and principles employed to guard against potentially damaging actions taken by malicious or unqualified persons.
{{infopage|WP:SECURITY|WP:SECURE|WP:PASSWORD|WP:UAS}}
{{nutshell|Failing to use a sensible password can lead to temporary loss of editing access and may lead to permanent loss of privileged access.}}


All registered users have to log in using a [[password]] before they can edit using their usernames. Passwords help ensure that someone does not masquerade as another editor. Editors should use a [[Password_strength#Guidelines_for_strong_passwords|strong password]] to avoid being blocked for bad edits by someone who guesses or "[[Password cracking|cracks]]" other editors' passwords. Users may access their account's [[Help:Preferences|preferences]] to change their password.
==Passwords==
All registered users have a password which works like any login password. Passwords help ensure that someone does not masquerade as another editor. Editors must use a strong password to avoid being blocked for bad edits by someone who guesses or "[[Password cracking|cracks]]" others editors' passwords.


== In general ==
Some actions on Wikipedia can only be carried out by privileged editors. The most common kind of privilege is [[Wikipedia:administrator|adminship]]. It is especially important that privileged editors have strong passwords. Administrators, [[Wikipedia:bureaucrat|bureaucrat]]s, [[Wikipedia:checkuser|checkuser]]s, [[Wikipedia:steward|steward]]s and [[Wikipedia:oversight|oversight]]ers discovered to have [[Password strength|weak passwords]] will have their privileges removed on grounds of site security. If an editor's password can be cracked by someone running one of the many quite sophisticated open source password crackers available on the internet, editing and other privileges will be removed before someone "borrows" it for malicious purposes. Before the removal of these privileges, editors with weak passwords will be contacted and given a chance to change to a strong password. If privileges are removed because of a weak password, said privileges will be automatically returned once the password is strengthened.
Password strength requirements are explained in the [[meta:Password policy|password policy]]. For normal users, those requirements are enforced when an account is created and when a password is changed.


You should have a password that:
Although the definition of "strong password" is deliberately left unspecified, privileged editors are required to use strong passwords and are informed that the developers will try to crack their passwords.
* is at least eight characters (ten for privileged accounts)
* has a mixture of upper and lowercase letters and numbers
* avoids dictionary words, given or last names, or personal information (date of birth, cat's name, etc.)
* is not used on any other website – websites periodically get hacked, with user information leaked onto the internet


Do this, and your password is likely to be [[Password strength|reasonably strong]]. The burden of using sufficiently strong passwords lies on you, the user. What this means is that if your account is compromised (for any reason), this will be treated as you not having used a sufficiently strong password.
Administrators should [[Wikipedia:Sock_puppetry#Segregation and security|make a second account]] without sysop abilities if they want to edit Wikipedia in public places such as a library. When editing on a semi-public computer, such as a machine at your place of work, it is a best practice to log out of Wikipedia when leaving your workstation.


Avoid linking to external sites from your user page and user talk pages, since this reveals a connection that can be used in an attempt to take over your Wikipedia user account.
It is important to use different passwords for every system on which you have an account. That way, if your commons account were to be compromised, the hacker would not instantly be able to gain access to your other Wikimedia accounts.


If you need to use a public computer or connect your own computer to a public Wi-Fi network, consider establishing an alternative account (see [[WP:VALIDALT]] for important instructions and limitations) since malicious software or hardware could [[Keystroke logging|capture your password]].
=== Password security tips ===


Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them.
Here are some steps that editors should take to ensure that their accounts will not be compromised:


'''Never, ever, share your password'''. Accounts with advanced permissions risk their permissions being revoked or account blocked due to violation of community trust and [[Wikipedia:Username policy#Sharing accounts|standards on account sharing]].
#Never give your Wikipedia password to anyone, not even Wikimedia staff.
#Only enter your password on a Wikimedia site. Beware of fake sites that resemble Wikimedia sites. Users should check that their browser is on a Wikimedia domain.
#Also, your Wikimedia passwords should be different from passwords used elsewhere.
#Keep your computer up-to-date with the latest anti-virus software.
#Your password should be easy to remember, but hard to guess. "Password" is not a secure password, but ".h$e9b2p3" is (''however, '''do not''' use this is a password, since it has been divulged as an example''). See also [[Wikipedia:Don't leave your fly open#Keys to a Strong Password|Keys to a Strong Password]].
#Avoid using public computers to edit, but if you do decide to use one, always remember to log out when you are done.
#Be careful when running user scripts. Some scripts can be programmed to steal cookies and thus compromise accounts. Be careful of scripts that contain the string <tt>document.cookie</tt>.
#Be careful when running executables (vandalism patrollers, editing tools, etc). Some claim to help make editing easier, but can actually contain viruses that steal your password.


=== Changing your password ===
==Protection==
Click on "Preferences" at the top right-hand corner of the page and then click the "Change Password" button on the "User Profile" tab to access the [[Special:ChangePassword]] page.
Sometimes pages may be [[Wikipedia:Protection policy|protected]] to prevent their being [[Wikipedia:Vandalism|vandalized]]. Protection is also sometimes used for other purposes such as "cooling down" edit wars or allowing editors to review the history of an article during some discussions on [[Wikipedia:Deletion review|deletion review]].


=== Failed login attempts ===
==Blocking==
{{See also|Help:Notifications#Failed login attempts|mw:Help:Login notifications}}
Sometimes an editor, an [[IP address]], or a range of IP addresses may be [[Wikipedia:Blocking policy|blocked]] to stop them damaging Wikipedia. Accounts that are compromised will be blocked immediately, regardless of the original standing of the editor.
[[File:2018-05-04 Failed Attempt.jpg|thumb|upright=1.5|A [[Help:Notifications|notification]] alerting a user of a failed login attempt from a new device]]


Through the [[Wikipedia:Notifications|notification]] system, you will be alerted when someone attempts and fails to log in to your account. Multiple alerts are bundled into one for an attempt from a new device/IP, but for a known device/IP, you get one alert for every 5 attempts.
== Other security ==
This policy is not a tutorial on all the possible ways in which a Wikipedia account could be compromised. However, keeping a secure account is each editor's responsibility. Editors are required to take security seriously. Compromised accounts will be immediately blocked and any associated group settings will be revoked. Administrators and other privileged editors may have to reapply to regain those privileges.


If you receive this notification, don't worry! Your account is still secure. But even if you do have a strong password, you may want to change your password anyway, if you suspect that someone else has tried to access your account.
==See also==

*[[Password]]
=== What to do when your account has been compromised ===
*[[Password strength]]
{{main|Wikipedia:Compromised accounts}}
*[[Password cracking]]
Information on what to do when your account has been compromised can be found at {{slink|Wikipedia:Compromised accounts|After being compromised}}.
*[[Meta:Don't leave your fly open]]

In a nutshell, you can help Wikipedia block access to the account and prevent malicious behavior. Do not expect to be able to regain control of the account.

=== What to do when your device has been compromised ===
Wikipedia's "Log out" link logs out all the user's current sessions. If a logged-in device is lost or stolen, changing the password and logging out on another device may help to prevent future abuse of the account on the lost device.

== Privileged editors ==

On Wikipedia, only certain users (including [[Wikipedia:Administrators|administrators]]) can perform some actions. It is especially important that these privileged editors have strong passwords. Administrators, [[Wikipedia:Bureaucrat|bureaucrats]], [[Wikipedia:Checkuser|checkusers]], [[Wikipedia:Steward|stewards]] and [[Wikipedia:Oversight|oversighters]] discovered to have [[Password strength|weak passwords]], or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily [[wikt:desysop|desysopped]] administrators is left to the [[Wikipedia:Arbitration Committee|Arbitration Committee]], provided they can determine that the administrator is back in control of the previously compromised account.

== Two-factor authentication (2FA) ==
{{main|Help:Two-factor authentication}}
Wikimedia's implementation of [[two-factor authentication]] (2FA) is a way of strengthening the security of your account. If you enable two-factor authentication, every time you log in you will be asked for a one-time six-digit number in addition to your password. This number can be provided by an app on your smartphone or other authentication device (called a TOTP client). In order to login you must know your password and have your authentication device available to generate the code.

=== Enrolling ===
{{caution|During your enrollment you will be presented with a series of one-time scratch codes. '''You should safely store a copy of these codes'''. If you lose or have a problem with your TOTP client you will be locked out of your account unless you have access to these codes. Once locked out, regaining access to your account may not be possible.}}
To set up two-factor authentication:
* This action is currently limited to administrators, bureaucrats, oversighters, checkusers, edit filter managers, template editors and interface administrators. Other users may request 2FA at [[:m:Steward_requests/Global_permissions#Requests_for_2_Factor_Auth_tester_permissions|Steward requests/Global permissions]] on Meta.
* See [[Help:Two-factor authentication]] for step-by-step directions, cautions, and information about this feature.

== Notes ==

For informal advice on personal security, including passwords, see [[Wikipedia:Personal security practices]].

Users are encouraged to [[Help:Email confirmation|provide an email address]] in [[Special:Preferences|their preferences]], as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communications with other users via email; this can be disabled in preferences by unchecking the option "allow other users to email me".) Email alerts generated by the [[Wikipedia:Notifications]] system can also be sent to your email address, such as "failed login attempts" and "login from an unfamiliar device" notifications (these two messages are on by default, but are configurable in the [[Special:Preferences#mw-prefsection-echo|notifications preferences]]).

== See also ==
* [[Wikipedia:Blocking policy]]
* [[Wikipedia:Password strength requirements]]
* [[Password strength]]
* [[Wikipedia:Committed identity]]
* [[Wikipedia:FAQ/Technical#How_do_I_recover_a_password_I_have_forgotten?|Wikipedia:FAQ/Technical]] (how to recover password)
* [[Wikipedia:Wikipedia Signpost/2006-02-06/Password security]]
* [[Wikipedia:Wikipedia Signpost/2006-12-18/Technology report]]
* [[Wikipedia:Wikipedia Signpost/2007-05-07/Admins desysopped]]
* [[Wikipedia:Wikipedia Signpost/2010-08-02/Technology report]]
* [[Wikipedia:Wikipedia Signpost/2015-11-11/Discussion report]]
* [[Wikipedia:Village pump (proposals)/Account security]]
{{Wikipedia accounts|collapsed}}

[[Category:Wikipedia user account security]]
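Review bot: The removed tip list (the lines beginning "Only enter your password on a Wikimedia site" and "Be careful when running user scripts") carried the two checks a reader can actually perform, confirming the browser is on a Wikimedia domain before typing a password and treating scripts that read document.cookie with suspicion, and neither survives in the replacement text, which keeps only the account-sharing rule and the "may be blocked without warning" consequence. Consider keeping one sentence on each, or linking to where that advice now lives, so the security tips section is not reduced to a statement of penalties.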

Revision as of 10:16, 28 February 2024

All registered users have to log in using a password before they can edit using their usernames. Passwords help ensure that someone does not masquerade as another editor. Editors should use a strong password to avoid being blocked for bad edits by someone who guesses or "cracks" other editors' passwords. Users may access their account's preferences to change their password.

In general

Password strength requirements are explained in the password policy. For normal users, those requirements are enforced when an account is created and when a password is changed.

You should have a password that:

  • is at least eight characters (ten for privileged accounts)
  • has a mixture of upper and lowercase letters and numbers
  • avoids dictionary words, given or last names, or personal information (date of birth, cat's name, etc.)
  • is not used on any other website – websites periodically get hacked, with user information leaked onto the internet

Do this, and your password is likely to be reasonably strong. The burden of using sufficiently strong passwords lies on you, the user. What this means is that if your account is compromised (for any reason), this will be treated as you not having used a sufficiently strong password.
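As an added illustration, not part of this page or of MediaWiki, a check that applies the four rules above to a candidate password. The word list and the personal details are constructed stand-ins, and the "not used on any other website" rule is modelled by comparing a hash of the candidate against hashes of passwords already used elsewhere, which is an assumption of this example.

```python
import hashlib
import re

# Constructed stand-in for a dictionary; a real check would load a large word list.
DICTIONARY_WORDS = {"password", "wikipedia", "letmein", "welcome", "dragon"}


def fingerprint(password):
    """SHA-256 of a password, so reuse can be checked without keeping plaintext
    (an assumption of this example; the page only says 'not used elsewhere')."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def _tokens(value):
    """Split a personal detail such as 'Fluffy' or '1990-04-12' into lowercase
    alphanumeric tokens of at least three characters, so a birth year alone
    still matches."""
    return [t for t in re.split(r"[^a-z0-9]+", str(value).lower()) if len(t) >= 3]


def check_password(password, privileged=False, personal_info=(), used_elsewhere=()):
    """Return the list of page rules the password breaks; an empty list passes."""
    problems = []
    minimum = 10 if privileged else 8  # eight characters, ten for privileged accounts
    if len(password) < minimum:
        problems.append(f"shorter than {minimum} characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)
            and re.search(r"[0-9]", password)):
        problems.append("needs upper and lowercase letters and numbers")
    lowered = password.lower()
    # A word or detail appearing anywhere in the password counts, so
    # 'Dragon2024' fails even though it has mixed case and digits.
    for word in sorted(DICTIONARY_WORDS):
        if word in lowered:
            problems.append(f"contains dictionary word '{word}'")
    if any(t in lowered for item in personal_info for t in _tokens(item)):
        problems.append("contains personal information")
    if fingerprint(password) in set(used_elsewhere):
        problems.append("reused on another site")
    return problems
```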

Avoid linking to external sites from your user page and user talk pages, since this reveals a connection that can be used in an attempt to take over your Wikipedia user account.

If you need to use a public computer or connect your own computer to a public Wi-Fi network, consider establishing an alternative account (see WP:VALIDALT for important instructions and limitations) since malicious software or hardware could capture your password.

Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them.

Never, ever, share your password. Accounts with advanced permissions risk their permissions being revoked or account blocked due to violation of community trust and standards on account sharing.

Changing your password

Click on "Preferences" at the top right-hand corner of the page and then click the "Change Password" button on the "User Profile" tab to access the Special:ChangePassword page.

Failed login attempts

A notification alerting a user of a failed login attempt from a new device

Through the notification system, you will be alerted when someone attempts and fails to log in to your account. Multiple alerts are bundled into one for an attempt from a new device/IP, but for a known device/IP, you get one alert for every 5 attempts.

If you receive this notification, don't worry! Your account is still secure. But even if you do have a strong password, you may want to change your password anyway, if you suspect that someone else has tried to access your account.

What to do when your account has been compromised

Information on what to do when your account has been compromised can be found at Wikipedia:Compromised accounts § After being compromised.

In a nutshell, you can help Wikipedia block access to the account and prevent malicious behavior. Do not expect to be able to regain control of the account.

What to do when your device has been compromised

Wikipedia's "Log out" link logs out all the user's current sessions. If a logged-in device is lost or stolen, changing the password and logging out on another device may help to prevent future abuse of the account on the lost device.

Privileged editors

On Wikipedia, only certain users (including administrators) can perform some actions. It is especially important that these privileged editors have strong passwords. Administrators, bureaucrats, checkusers, stewards and oversighters discovered to have weak passwords, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily desysopped administrators is left to the Arbitration Committee, provided they can determine that the administrator is back in control of the previously compromised account.

Two-factor authentication (2FA)

Wikimedia's implementation of two-factor authentication (2FA) is a way of strengthening the security of your account. If you enable two-factor authentication, every time you log in you will be asked for a one-time six-digit number in addition to your password. This number can be provided by an app on your smartphone or other authentication device (called a TOTP client). In order to log in you must know your password and have your authentication device available to generate the code.
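As an added example, not Wikimedia's code, the TOTP scheme the paragraph describes in runnable form: the six-digit code a client generates from a shared secret and the current time, and the server-side check that tolerates one 30-second step of clock drift. The base32 secret is the RFC 6238 test secret, used here as a constructed value rather than anything issued by Wikimedia.

```python
import base64
import hashlib
import hmac
import struct
import time

# Constructed shared secret: the ASCII string "12345678901234567890" encoded in
# base32, the form an enrollment screen would show as text or QR code.
SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret, counter, digits=6):
    """HMAC-based one-time password: HMAC-SHA1 over the 8-byte big-endian
    counter, dynamic truncation to 31 bits, then reduced to `digits` digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, timestamp=None, step=30):
    """Time-based code: the counter is the number of 30-second steps since the
    Unix epoch, which is why client and server clocks must roughly agree."""
    if timestamp is None:
        timestamp = time.time()
    secret = base64.b32decode(secret_b32.upper())
    return hotp(secret, int(timestamp) // step)


def verify(secret_b32, submitted, timestamp=None, step=30, window=1):
    """Server-side check: accept the code for the current step or one step on
    either side, comparing in constant time so the check does not leak timing."""
    if timestamp is None:
        timestamp = time.time()
    secret = base64.b32decode(secret_b32.upper())
    counter = int(timestamp) // step
    return any(hmac.compare_digest(hotp(secret, counter + d), submitted)
               for d in range(-window, window + 1))
```

A production verifier also records the last counter it accepted for the account and refuses a code at or below it, so a code captured by a keylogger cannot be replayed within the same step.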

Enrolling

To set up two-factor authentication:

  • This action is currently limited to administrators, bureaucrats, oversighters, checkusers, edit filter managers, template editors and interface administrators. Other users may request 2FA at Steward requests/Global permissions on Meta.
  • See Help:Two-factor authentication for step-by-step directions, cautions, and information about this feature.

Notes

For informal advice on personal security, including passwords, see Wikipedia:Personal security practices.

Users are encouraged to provide an email address in their preferences, as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communications with other users via email; this can be disabled in preferences by unchecking the option "allow other users to email me".) Email alerts generated by the Wikipedia:Notifications system can also be sent to your email address, such as "failed login attempts" and "login from an unfamiliar device" notifications (these two messages are on by default, but are configurable in the notifications preferences).
