reddragdiva: (Wikipedia)
divabot (reddragdiva) wrote 2007-05-07 05:06 pm

Tubgirl is Love.

An English Wikipedia admin account just got compromised and abused again, because the admin used "fuckyou" as a password. That's the sixth most common password, I think. The main page was deleted for five minutes and Tubgirl was put in the sitenotice.

Brion and Greg are (right now) running a password cracker over the admin accounts. If you want to keep your admin bit and know, deep in your heart, that your password is a bit rubbish, I strongly suggest changing it or it will be locked. Hint: if it shows up in Google, it's a rubbish password. Or enter it into the search box at the right of my Wikipedia blog with your username — I have a, uh, phishing detector running there. Yes, that's it. A note on the subject has been added to Wikipedia:Administrators.

Now we eagerly await Single Crack 0wnz0ring. Normal people just don't get passwords. I used to do dial-up Internet tech support. "What do you want for a password?" "Oh, [username]." "I'm sorry, you can't have it be the same." "Oh, [username]1." Suggestions? Assume we can't require an RSA keyfob for all editors.
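An added example, not part of the original post: a minimal check at password-set time for the two failures described above, a password from a common-password list and a password derived from the username ("[username]1"). The function and variable names are hypothetical, the common-password set is a constructed sample, and the 10-character minimum is an assumption.

```python
import re

# Constructed sample; a real deployment would load a full common-password list.
COMMON = {"password", "123456", "qwerty", "letmein", "fuckyou"}

# Undo simple character substitutions (0->o, 1->i, 3->e, 4->a, 5->s, 7->t, @->a, $->s, !->i).
LEET = str.maketrans("013457@$!", "oieastasi")


def _core(s):
    """Lower-case, undo simple substitutions, keep letters only."""
    return re.sub(r"[^a-z]", "", s.lower().translate(LEET))


def weak_reason(username, password, common=COMMON, min_len=10):
    """Return the reason a password is rejected, or None if it passes these checks."""
    pw = password.lower()
    # Drop a trailing run of digits/punctuation: "alice1", "alice2007!" -> "alice"
    stripped = re.sub(r"[\d\W_]+$", "", pw)
    forms = {pw, stripped, _core(pw), _core(stripped)} - {""}

    if forms & common:
        return "common password"

    user = username.lower()
    targets = {user, user[::-1], _core(username)} - {""}
    if forms & targets or (len(user) >= 3 and user in pw):
        return "derived from username"

    if len(password) < min_len:
        return "too short"
    return None


if __name__ == "__main__":
    for u, p in [("alice", "fuckyou"), ("alice", "alice1"), ("alice", "Al1c3"),
                 ("alice", "P@ssw0rd!"), ("alice", "correct horse battery staple")]:
        print(f"{u!r:8} {p!r:32} -> {weak_reason(u, p)}")
```

Passing these checks does not make a password strong; it only rejects the cheapest guesses before the account can be created with them.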

rbarclay.livejournal.com 2007-05-07 05:23 pm (UTC)
I don't think I'm getting that sentence in this context.

If you think written-down passwords are bad, then you need to add another factor. Which in each and every practical sense means hardware (RSA (or eSafe) tokens, fingerprint scanner, whatever - a printed-out one-time-password list counts as written-down in my book), which means shelling out for it.
Once you have at least half-arsed quality control for passwords, there's just no other way of solving a social problem with technical goo.