reddragdiva: (Wikipedia)
[personal profile] reddragdiva

An English Wikipedia admin account just got compromised and abused again, because the admin used "fuckyou" as a password. That's the sixth most common password, I think. The main page was deleted for five minutes and Tubgirl was put in the sitenotice.

Brion and Greg are (right now) running a password cracker over the admin accounts. If you want to keep your admin bit and know, deep in your heart, that your password is a bit rubbish, I strongly suggest changing it or it will be locked. Hint: if it shows up in Google, it's a rubbish password. Or enter it into the search box at the right of my Wikipedia blog with your username — I have a, uh, phishing detector running there. Yes, that's it. A note on the subject has been added to Wikipedia:Administrators.

Now we eagerly await Single Crack 0wnz0ring. Normal people just don't get passwords. I used to do dial-up Internet tech support. "What do you want for a password?" "Oh, [username]." "I'm sorry, you can't have it be the same." "Oh, [username]1." Suggestions? Assume we can't require an RSA keyfob for all editors.

(no subject)

Date: 2007-05-08 08:35 pm (UTC)
From: [identity profile] owdbetts.livejournal.com
Well, you could generate random passwords, and not let people change them.

So they will have to write them down (or otherwise store them). It's long been the case that the disadvantages of using a memorable password far outweigh the disadvantages of writing an unmemorable one down.

Even if they store their password unencrypted on their personal machine you're probably doing better (after all, if their machine is compromised you've lost already).

-roy
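
An added example, not part of the original post or comment: a check at password-change time that rejects the "[username]" / "[username]1" pattern and common passwords described in the post, plus a random-password generator of the kind the comment suggests. The function names, the small blocklist and the 10-character minimum are assumptions made for illustration.

```python
import re
import secrets
import string

# Constructed sample blocklist (assumption); a real deployment would load a
# large list of known-common passwords instead.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "fuckyou"}

# Leading or trailing runs of digits, punctuation and underscores.
_AFFIX = re.compile(r"^[\d\W_]+|[\d\W_]+$")

ALPHABET = string.ascii_letters + string.digits
MIN_LENGTH = 10  # assumed policy value, not from the page


def _core(text):
    """Casefold and strip leading/trailing digits and punctuation."""
    return _AFFIX.sub("", text.casefold())


def weakness(username, password, common=COMMON_PASSWORDS):
    """Return a reason string if the password is rejected, else None."""
    pw_core = _core(password)
    user_core = _core(username)
    if not pw_core:
        return "only digits or punctuation"
    # Catches "alice", "alice1", "ALICE1!" for the user "alice".
    if user_core and pw_core == user_core:
        return "derived from username"
    # Catches both the listed word and decorated forms such as "Password1".
    if password.casefold() in common or pw_core in common:
        return "common password"
    if len(password) < MIN_LENGTH:
        return "too short"
    return None


def generate_password(length=16):
    """Random password drawn from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))
```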
