Password policy
The following page documents an official global policy. This page has been developed and approved by the community and its compliance is mandatory for all projects. It must not be modified without prior community approval.
Overview
Passwords are an important aspect of computer security. A poorly chosen password may result in unauthorised access to your account. This can have a cascading effect which could jeopardize the security and privacy of other contributors. A strong password protects not only the individual, but also the projects and the movement as a whole.
Purpose
The purpose of this policy is to establish and document password requirements for users of Wikimedia wikis.
Scope
The scope of this policy includes anyone who has registered an account on a Wikimedia wiki.
Policy
Password requirements are defined for both regular users and privileged users. These requirements may be changed or expanded in the future to further enhance security.
- Password requirements for regular users:
  - Must be at least 8 characters
  - Must not be in the list of the 100,000 most commonly used passwords (as defined by the CommonPasswords library)
  - Must not be the same as the username
- Password requirements for privileged users:
  - Must be at least 10 characters
  - Must not be in the list of the 100,000 most commonly used passwords (as defined by the CommonPasswords library)
  - Must not be the same as the username
Compliance
The security team will conduct activities including, but not limited to: auditing accounts, dictionary attacks against user passwords, and user surveys.
Password changes may be required for all users by the Wikimedia Security Team in case of a security incident.
Exceptions
For exceptions to this policy, contact security wikimedia org
Related policies and documentation
Definitions
fishbowl – A fishbowl wiki is a wiki which everyone can read, but only some people (with accounts) may edit.
normal user – A user account on a wiki that is not a member of any group considered privileged.
private – A private wiki is a wiki where read and write access is restricted to people who have accounts.
privileged user – A privileged user is one who is in a group such as (but not limited to): Global and local Administrators (sysop), Bureaucrat, Oversight, Check User, Founder, Global Interface Editors, Bots, Ombuds, Staff, Stewards, Central Notice Administrators, and System Administrators. Other groups identified by the Security Team at the Wikimedia Foundation may be considered “privileged” but not listed above. All users on private and fishbowl wikis are considered privileged.