Security on Wikipedia refers to the methods and principles employed to guard against potentially damaging actions taken by malicious or unqualified persons.

All registered users have a password which works like any login password. Passwords help ensure that someone does not masquerade as another editor. Editors must use a strong password to avoid being blocked for bad edits by someone who guesses or "cracks" others editors' passwords.

Some actions on Wikipedia can only be carried out by privileged editors. The most common kind of privilege is adminship. It is especially important that privileged editors have strong passwords. Administrators, bureaucrats, checkusers, stewards and oversighters discovered to have weak passwords will have their privileges removed on grounds of site security. If an editor's password can be cracked by someone running one of the many quite sophisticated open source password crackers available on the internet, editing and other privileges will be removed before someone "borrows" it for malicious purposes. Before the removal of these privileges, editors with weak passwords will be contacted and given a chance to change to a strong password. If privileges are removed because of a weak password, said privileges will be automatically returned once the password is strengthened.

Although the definition of "strong password" is deliberately left unspecified, privileged editors are required to use strong passwords and are informed that the developers will try to crack their passwords.

Administrators should make a second account without sysop abilities if they want to edit Wikipedia in public places such as a library. When editing on a semi-public computer, such as a machine at your place of work, it is a best practice to log out of Wikipedia when leaving your workstation.

It is important to use different passwords for every system on which you have an account. That way, if your commons account were to be compromised, the hacker would not instantly be able to gain access to your other Wikimedia accounts.

Password security tips

In summary, here are some steps that users should take to ensure that their accounts will not be stolen. If someone accesses your account and causes malicious damage, your reputation could be in trouble! This is especially true for priviledged users! Below are some tips on keeping your account secure:

1. Never give your Wikipedia password to anyone, not even Wikimedia staff.
2. Only enter your password on a Wikimedia site. Beware of fake sites that resemble Wikimedia sites. Users should check that their browser is on a Wikimedia domain.
3. Also, your Wikimedia passwords should be different from passwords used elsewhere.
4. Keep your computer up-to-date with the latest anti-virus software.
5. Your password should be easy to remember, but hard to guess. "Password" is not a secure password, but ".h$e9b2p3" is (however, do not use this is a password, since it has been divulged as an example). If you're still unsure what constitutes a good, secure password, read here.
6. Do not log on using public computers.
7. If you decide to log on using a public computer, remember to log out when done.
8. Be careful when running user scripts. Some scripts can be programmed to steal cookies and thus compromise accounts. Be careful of scripts that contain the string document.cookie.
9. Also, be careful when running executables (vandalism patrollers, editing tools, etc). Some claim to help make editing easier, but can actually contain viruses that steal your password.

Sometimes pages may be protected to prevent their being vandalized. Protection is also sometimes used for other purposes such as "cooling down" edit wars or allowing editors to review the history of an article during some discussions on deletion review.

Sometimes an editor, an IP address, or a range of IP addresses may be blocked to stop them damaging Wikipedia. Accounts that are compromised will be blocked immediately, regardless of the original standing of the editor.

This policy is not a tutorial on all the possible ways in which a Wikipedia account could be compromised. However, keeping a secure account is the editor's responsibility. Editors are required to take security seriously. Compromised accounts will be immediately blocked and any associated group settings will be revoked. Administrators and other privileged editors may have to reapply to regain those privileges.

• Password
• Password strength
• Password cracking
• Meta:Don't leave your fly open