This is an information page. It is not an encyclopedic article, nor one of Knowledge's policies or guidelines; rather, its purpose is to explain certain aspects of Knowledge's norms, customs, technicalities, or practices. It may reflect differing levels of consensus and vetting.

Shortcuts: WP:COMPACC, WP:HACKED

Accounts on Knowledge may be compromised (hacked) in a number of ways, allowing the misuse of user access levels, as well as user reputation for illegitimate purposes. It is important for users to take active steps to protect their accounts, especially those with high levels of access such as administrators. This may be done in a number of ways.

Users whose accounts are compromised may have access reduced or their accounts blocked or globally locked.

Why accounts become compromised

Both weak and strong passwords are vulnerable, although strong passwords are better. Although this is written with Knowledge in mind, most of this is applicable to other website accounts.

Weak passwords

Weak passwords are especially vulnerable. Weak passwords are also vulnerable to techniques used on strong passwords.

Brute-force attacks

Infiltrators try numerous passwords, often in an automated fashion, until they happen across the correct password. Although on Knowledge there are limitations regarding the number of login attempts over a given time period, users are still vulnerable if they use weak passwords, especially commonly used passwords. Countermeasures are a maximum of 5 logins every 5 minutes, with no more than 150 attempts allowed every 48 hours. A record is also kept of every failed login attempt.

Hacked website with stolen details

There is little the user can do about data breaches from websites. Although strong passwords may also be vulnerable if this happens, weak passwords are much more easily decrypted if the website uses encryption to encrypt its password database.

Strong and weak passwords

Even strong passwords can easily become vulnerable. But they are much better than weak passwords, principally as they discourage brute-force attacks, and they make hacked websites much less vulnerable to password theft.

Password sharing for multiple uses

Passwords are highly vulnerable if re-used on different sites. If one website is hacked, and the password hash is broken, or the passwords were not stored securely, all the other sites with the same password are vulnerable. The same goes for other forms of password breaches.

Similar passwords for multiple uses

If similar passwords are used on multiple websites, the hacker may be able to guess the correct password for a different use, however strong the password is. This may include a brute-force method.

Insecure email - password resetting etc.

Many services, including Knowledge, allow users to reset a forgotten password by requesting a reset link be sent to their registered email address. If your email account is somehow compromised, an attacker can use it to gain control of other accounts you have. You should therefore secure your email account that receives reset links at least as well as any passwords that might need resetting. Gmail and Fastmail (and probably others) support two-factor authentication (2FA) and you should probably use it if you receive sensitive email or password resets. If 2FA is too inconvenient for everyday email, you might set up a separate 2FA-protected mailbox just for reset links and other sensitive material.

Insecure computers and devices - keystroke logging, cookie hijacking etc.

Logging in on insecure computers or devices, especially those for public use, can lead to passwords being stolen. The password is copied when it is entered to log on to a website by a malicious program called a keylogger, or an HTTP cookie allowing account access is stolen from a vulnerable computer's browser. If passwords are stored electronically, it may be possible to hack them if the device or program used is insecure.

Insecure networks - packet sniffing etc.

Insecure networks are generally secure from password theft, as long as HTTPS is used by the website. Knowledge uses HTTPS for connections. But passwords transferred in an unencrypted manner are vulnerable, and rogue networks may infiltrate a computer with lax security.

Cloud storage of passwords may be a vulnerability if they are not encrypted properly.

Inadvertent or unwise password sharing

This may be from following a link from a fake email, to direct you to a fake website in a so-called phishing attack. Sharing your password with someone dubious could happen in many ways. The sharing party may not necessarily be the end-user; password sharing may happen with the website provider.

Social engineering

Phishing is not the only risk; attackers can trick you into running malicious code in the browser, sending browser cookies to the attacker or doing something dangerous without you knowing it. To stay protected, never ever follow the instructions of the attacker; that means you shouldn't run unknown code or send any browser data like cookies.

Other password stealing

Even physically stored passwords are vulnerable to theft and copying.

Thus, even strong passwords can be rendered useless unless properly secured.

Counter-measures

Further information: Knowledge:User account security and Knowledge:Personal security practices

There are a variety of measures that can decrease the likelihood of an account becoming compromised.

Two-factor authentication (2FA)

Two-factor authentication (2FA)
This is a very effective and relatively simple measure. Now available to holders of advanced permissions, with work under way to expand availability to other users in the future. Very useful as it provides a different password each time to thwart key-loggers and other password compromises, and requires access to particular device(s).

Bot passwords
Useful for using programs like AutoWikiBrowser with 2FA enabled. See mw:Manual:Huggle/Bot passwords and Knowledge:Using AWB with 2FA for information on this.

Other security practices

Other measures, especially pertinent if not using 2FA.

Strong passwords
An important but not invulnerable technique. Recommended for all, but a requirement for holders of advanced permissions.

Committed identity
Very useful in proving a compromised account has been returned to a legitimate owner.

Completely different strong passwords for all websites
Password sharing greatly increases vulnerability, even with strong passwords. Using similar passwords can also be a risk. Password managers are invaluable for storing collections of complex passwords instead of needing to remember them.

Using a different account for public or insecure computers
This is especially relevant if the user holds advanced permissions.

Periodic password changing
A compromised password may not be immediately used; periodically changing it can prevent previously compromised, but not yet exploited passwords from being used. Change it at Special:ChangeCredentials

High computer, device and network security
Computers and other devices used to log on to Knowledge should be kept secure, especially through the use of anti-virus programs and firewalls. Only trusted software should be downloaded and installed. Computers in shared spaces should be locked before being left. Configure modem/router firewall features correctly.

High password security
Never share passwords, even with staff members. No one else should ever need to know them. Store passwords securely, and change them if there is any chance they have become compromised.

None of these techniques are foolproof, but a combination of them can greatly reduce the chance of a compromised account.

Email account security

Using these measures with your email account
As described above, access to your email account may allow access to websites that use email-based password resetting.

Login notifications

Further information: mw:Help:Login notifications

Figure: A notification alerting a user of a failed login attempt from a new device

Through the Knowledge:Notifications system, you will be alerted when someone attempts and fails to log in to your account. Multiple alerts are bundled into one for attempts from a new device/IP. For a known device/IP, you get one alert for every 5 attempts. If you suspect that someone else has tried to access your account, you may want to change your password anyway even if you do have a strong password.

Alerts notifying you of a successful login from a new device/IP are only available by email. Web notifications for successful logins from a new device/IP are currently disabled.

By default, the "failed login attempts" and "login from an unfamiliar device" notifications are on for everyone. This is configurable in the notifications preferences.

After being compromised

Further information: m:Help:Compromised accounts

Suspected compromised accounts

If you are reasonably certain that an account may be compromised, please contact:

Stewards, who can lock the account to prevent the password/email from being changed, as well as stopping any immediate abuse. Contact at m:Steward requests/Global to request or appeal a global lock. You can also contact stewards in the following ways:
To gain emergency assistance or to ask a question, join the IRC channel #wikimedia-stewards and write !steward (your message here) in this channel to notify stewards of an emergency.
To contact a steward directly, use that steward's talk page.
Requests can also be sent to the steward WP:OTRS queue through the interface at m:Special:Contact/Stewards, or by emailing stewards@wikimedia.org

WMF's Trust and Safety team can investigate further, by using CheckUser tools or contacting system administrators to check the account's login history. Contact via email at ca@wikimedia.org

Checkusers can confirm if a different IP is being used to access the account. To contact see Contacting a checkuser.

Administrators, who can block the account if it is taking disruptive actions. Please note that in such cases, a global lock is preferred, since it stops disruption to all projects where the account is active and preserves the user information. They can be contacted at Knowledge:Administrators' noticeboard.

Each group will end up contacting others during the process, either for confirmation or to perform local actions after the emergency has subsided. Advanced permissions may be removed for this portion of the case, if it is suspected that the agent(s) responsible for compromising the account are still trying to access it.

Regaining account access

A typical result of having your account compromised is having the account either blocked or locked (a lock disables login from all Wikimedia projects) to prevent further disruption. Although administrators on Knowledge may be able to help, the WMF Trust and Safety team may also be contacted. See above for details.

No access to your account
If you are shut out from your account from a password change, a password reset may help you gain access again. But if the email has been changed this will not be possible. Logs of email changes are kept for admin accounts, which may help in establishing account ownership.

Your account is blocked
This is a likely consequence of an account being compromised. As it may not be possible to prove that an account has been returned you may have to start afresh. Having a committed identity is one of the few ways that you can prove that you are the user in question, but without this it may be very difficult to prove accounts have been returned to their rightful owner.

Your extra access may be removed
Special user groups may be temporarily removed from your account until you are back in control of it.

Your account has been globally locked
Please contact Wikimedia Foundation's Trust and Safety team by emailing ca@wikimedia.org.

See also

Knowledge:Personal security practices
Knowledge:User account security
Help:Two-factor authentication
Knowledge:Using AWB with 2FA
mw:Manual:Huggle/Bot passwords
Template:Committed identity
Category:Compromised accounts
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.