Jump to content

Password policies

This is a list of the effective password policies for the user groups defined in this wiki.

GroupPolicies
Account creators
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Autoconfirmed users
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Autopatrollers
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Bots
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Bureaucrats
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Check users
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Confirmed users
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Structured Discussions bots
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Importers
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Interface administrators
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
IP block exemptions
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Users blocked from the IP Information tool
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Stewards
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Suppressors
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Administrators
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Translation administrators
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Transwiki importers
(list of members)
  • Password must be at least 10 characters long(MinimalPasswordLength)(suggest change on login, must change on login)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
  • Password must be at least 1 character long to be able to login(MinimumPasswordLengthToLogin)
Uploaders
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Users
(list of members)
  • Password must be at least 8 characters long(MinimalPasswordLength)
  • Password cannot be a substring within the username(PasswordCannotBeSubstringInUsername)(suggest change on login)
  • Password cannot match a specific list of default passwords(PasswordCannotMatchDefaults)(suggest change on login)
  • Password must be less than 4,096 characters long(MaximalPasswordLength)(suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords.(PasswordNotInCommonList)(suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation(BlockAttacker)
Retrieved from "https:// mediawiki.org/wiki/Special:PasswordPolicies"