Page MenuHomePhabricator
Create Task
Maniphest T11838

Send notification to account owner on multiple unsuccessful login attempts
Closed, ResolvedPublic
Actions

Assigned To
demon
Authored By
bzimport
May 8 2007, 2:51 AM
Tags
Referenced Files
F3713: patch
Nov 21 2014, 9:36 PM
Subscribers
Aklapper
alaa
Bawolff
BethNaught
csteipp
DanielFriesen
DannyH
View All 38 Subscribers
Tokens
"Cookie" token, awarded by RandomDSdevel."Love" token, awarded by Kizule."Like" token, awarded by Reception123."Like" token, awarded by Ladsgroup."Like" token, awarded by Liuxinyu970226."Like" token, awarded by Addshore."Like" token, awarded by Luke081515.

Description

Author: titoxd.wikimedia

Description:
Thinking along the lines of T11816, it would be advisable to send an email
notification to an account owner if someone is trying to log in to an account
and fails X number of times within a particular period of time.

URL: https://en.wikipedia.org/wiki/Special:Userlogin
See Also: T28227: Notify user by email when password changed

Details

Reference
bz9838
SubjectRepoBranchLines +/-
Initial version of extension to notify people on failed login attempts.mediawiki/extensions/LoginNotifymaster+1 K -0
Customize query in gerrit

Related Objects
Search...

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.
StatusSubtypeAssignedTask
· · ·
InvalidNoneT11816 Improve security for Special:Userlogin (tracking)
InvalidWikinautT3932 [DO NOT USE] ENotif/EConfirm & further enhancements (tracking) [superseded by #MediaWiki-Email]
OpenNoneT125653 Create new types of notifications
Resolved demonT11838 Send notification to account owner on multiple unsuccessful login attempts
ResolvedkostajhT34281 MediaWiki needs a sane notification system (tracking)
ResolvedkaldariT140167 Security Review of LoginNotify extension
Resolved NiharikaT153335 Investigation: Notify on multiple unsuccessful login attempts
Resolved NiharikaT154064 Investigation: What would be the best way to support loginwiki from LoginNotify
ResolvedBawolffT151414 LoginNotify cleanup
ResolvedBawolffT135270 Update LoginNotify for AuthManager
DeclinedNoneT156421 Disable login on loginwiki
ResolvedkaldariT158871 Enable editmyoptions right for all users on loginwiki
Resolved NiharikaT158878 Test LoginNotify Extension on Beta Cluster
ResolvedMusikAnimalT160031 Improve failed login notifications in LoginNotify extension
Resolved NiharikaT160094 Investigation: Config settings for LoginNotify in production
Restricted Task
Resolved NiharikaT162104 Fix multiple/repetitive notifications with LoginNotify
ResolvedReedyT162103 Create a vagrant role for installing LoginNotify with vagrant
ResolvedMaxSemT165007 Deploy LoginNotify to Test Wikipedia
ResolvedJohanT165037 Document multiple unsuccessful login attempts notifications
OpenNoneT182867 BotPasswords + Toolforge combination causing daily "login from new device" warning emails
· · ·

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
Johan subscribed.Apr 7 2016, 4:38 PM

When would you expect this to go into production?

Nemo_bis added a comment.Apr 10 2016, 10:09 AM
In T11838#2187356, @Johan wrote:

When would you expect this to go into production?

See https://www.mediawiki.org/wiki/Writing_an_extension_for_deployment ; typically a new extension takes between few weeks and a decade.

Bawolff added a comment.Apr 10 2016, 5:16 PM
In T11838#2187356, @Johan wrote:

When would you expect this to go into production?

I have no specific timeline yet. Not for a while yet. Ill make sure tech news is notified whenever this becomes imminent

Johan added a comment.Apr 11 2016, 12:49 AM

@Nemo_bis Yes. Which is why it is important to ask. (:

@Bawolff Good to know. And thanks.

Johan moved this task from To Triage to Not ready to announce on the User-notice board.Apr 11 2016, 12:50 AM
Bawolff mentioned this in T140167: Security Review of LoginNotify extension.Jul 12 2016, 9:52 PM
Bawolff added a subtask: T140167: Security Review of LoginNotify extension.
Tgr mentioned this in T68699: Increase "remember me" login cookie expiry from 30 days to 1 year on Wikimedia wikis.Aug 12 2016, 9:06 PM
Addshore awarded a token.Sep 12 2016, 9:09 AM
Addshore subscribed.
Tgr mentioned this in T18435: New extension to enforce minimum password strength..Nov 17 2016, 5:49 AM
Verdy_p subscribed.EditedNov 17 2016, 10:17 PM

In a long comment (now more like a paper), I added new ideas in T18435: New extension to enforce minimum password strength.

I've included additional considerations on security but the main point is about evaluation of password strength and how we can help users choosing stronger passwords (not just based on simple password lengths that users can't remember): it gives more choices to users and could provide better hints for them than just a simple measurement.

Consider commenting on it. After an initial request (TL;DR for a simple comment) I added some headings and structured it a bit, fixing some typos and adding notes for further considerations in each part.

There are also some possible extension about "strength classes" that we could administer for securiing the strongest class that should be needed to access some very elevated privileges (direct SQL access, inspecting server log files and private user data stored on servers, maintenance of the technical platform including DNS administration, write access to the MediaWiki code...)

Thibaut120094 subscribed.Nov 19 2016, 2:34 PM
Liuxinyu970226 subscribed.Nov 27 2016, 9:04 AM
DannyH mentioned this in T153335: Investigation: Notify on multiple unsuccessful login attempts.Dec 15 2016, 5:36 PM
DannyH added a subtask: T153335: Investigation: Notify on multiple unsuccessful login attempts.
DannyH added a project: Community-Tech.Dec 15 2016, 8:07 PM
DannyH moved this task from New & TBD Tickets to In Sprint 🏃‍♀️🏃‍♂️ on the Community-Tech board.
BethNaught subscribed.Dec 15 2016, 10:45 PM
Stevietheman subscribed.Dec 16 2016, 1:36 PM
kaldari added a subtask: T154064: Investigation: What would be the best way to support loginwiki from LoginNotify.Dec 24 2016, 12:13 AM
kaldari added subtasks: T151414: LoginNotify cleanup, T135270: Update LoginNotify for AuthManager.Dec 24 2016, 12:30 AM
kaldari closed subtask T153335: Investigation: Notify on multiple unsuccessful login attempts as Resolved.Dec 24 2016, 12:39 AM
Liuxinyu970226 added a project: Community-Wishlist-Survey-2016.Jan 1 2017, 3:16 AM
Liuxinyu970226 removed a project: Community-Wishlist-Survey-2016.Jan 2 2017, 12:57 AM
fgiunchedi subscribed.Jan 9 2017, 8:05 PM
Snaevar subscribed.Jan 14 2017, 8:30 PM
Titodutta subscribed.Jan 15 2017, 10:28 AM
Meno25 subscribed.Jan 17 2017, 11:42 AM
stwalkerster subscribed.Jan 17 2017, 6:16 PM
kaldari created subtask T156421: Disable login on loginwiki.Jan 26 2017, 8:45 PM
kaldari closed subtask T154064: Investigation: What would be the best way to support loginwiki from LoginNotify as Resolved.Jan 26 2017, 9:42 PM
kaldari closed subtask T151414: LoginNotify cleanup as Resolved.Feb 1 2017, 5:05 PM
kaldari closed subtask T156421: Disable login on loginwiki as Declined.Feb 3 2017, 6:30 AM
Liuxinyu970226 awarded a token.Feb 7 2017, 12:42 PM
kaldari closed subtask T135270: Update LoginNotify for AuthManager as Resolved.Feb 15 2017, 11:27 PM
kaldari closed subtask T140167: Security Review of LoginNotify extension as Resolved.Feb 15 2017, 11:29 PM
Gradzeichen added a comment.Feb 23 2017, 4:16 AM

https://meta.wikimedia.org/w/index.php?title=User_talk%3ABWolff_%28WMF%29&type=revision&diff=16350218&oldid=16328586

(no editmyoptions right on loginwiki an issue?)

kaldari added a subtask: T158871: Enable editmyoptions right for all users on loginwiki.Feb 23 2017, 5:18 PM
kaldari added a subtask: T158878: Test LoginNotify Extension on Beta Cluster.Feb 23 2017, 5:28 PM
kaldari closed subtask T158871: Enable editmyoptions right for all users on loginwiki as Resolved.Feb 28 2017, 12:41 AM
DannyH added a subtask: T160031: Improve failed login notifications in LoginNotify extension.Mar 17 2017, 9:03 PM
DannyH added a subtask: T160094: Investigation: Config settings for LoginNotify in production.
Ladsgroup awarded a token.Mar 22 2017, 7:48 PM
Ladsgroup subscribed.
Vachovec1 subscribed.Mar 23 2017, 12:15 AM
kaldari closed subtask T160031: Improve failed login notifications in LoginNotify extension as Resolved.Mar 23 2017, 6:04 PM
kaldari added a subtask: Restricted Task.Mar 25 2017, 1:31 AM
Addshore unsubscribed.Mar 27 2017, 11:20 PM
DannyH added a subtask: T162104: Fix multiple/repetitive notifications with LoginNotify.Apr 4 2017, 10:19 PM
DannyH added a subtask: T162103: Create a vagrant role for installing LoginNotify with vagrant.
Reedy closed subtask T162103: Create a vagrant role for installing LoginNotify with vagrant as Resolved.Apr 5 2017, 12:58 AM
kaldari closed subtask Restricted Task as Resolved.Apr 12 2017, 10:58 PM
kaldari closed subtask T158878: Test LoginNotify Extension on Beta Cluster as Resolved.Apr 20 2017, 5:50 PM
Catrope mentioned this in T162104: Fix multiple/repetitive notifications with LoginNotify.Apr 20 2017, 11:57 PM
kaldari closed subtask T162104: Fix multiple/repetitive notifications with LoginNotify as Resolved.Apr 24 2017, 9:09 PM
kaldari closed subtask T160094: Investigation: Config settings for LoginNotify in production as Resolved.Apr 28 2017, 11:29 PM
kaldari added a subtask: T165007: Deploy LoginNotify to Test Wikipedia.May 11 2017, 5:39 AM
Trizek-WMF created subtask T165037: Document multiple unsuccessful login attempts notifications.May 11 2017, 12:38 PM
Trizek-WMF added projects: User-notice-collaboration, Collaboration-Community-Engagement.
Trizek-WMF moved this task from To Triage to Not ready to announce on the User-notice-collaboration board.
Trizek-WMF moved this task from Backlog to To watch on the Collaboration-Community-Engagement board.
Johan closed subtask T165037: Document multiple unsuccessful login attempts notifications as Resolved.May 11 2017, 6:13 PM
MaxSem closed subtask T165007: Deploy LoginNotify to Test Wikipedia as Resolved.Jun 6 2017, 7:48 PM
DannyH subscribed.Jun 7 2017, 9:32 PM

LoginNotify is now on Test Wikipedia -- https://test.wikipedia.org/wiki/Main_Page

It's available for testing, if people want to give it a try.

The project page is here, with more info on the feature:

https://meta.wikimedia.org/wiki/Community_Tech/LoginNotify

Wong128hk subscribed.Jul 9 2017, 4:46 PM
DannyH moved this task from In Sprint 🏃‍♀️🏃‍♂️ to Older: Tracking Work by Others on the Community-Tech board.Jul 17 2017, 9:54 PM
Reception123 awarded a token.Sep 2 2017, 9:00 AM
Reception123 subscribed.
Kizule awarded a token.Nov 8 2017, 6:51 PM
thiemowmde added a subtask: T182867: BotPasswords + Toolforge combination causing daily "login from new device" warning emails.Dec 14 2017, 4:17 PM
demon closed this task as Resolved.Jan 25 2018, 2:16 AM
demon claimed this task.
demon subscribed.

LoginNotify is everywhere now

Liuxinyu970226 unsubscribed.Jan 25 2018, 4:49 AM
Tgr added a project: MediaWiki-extensions-LoginNotify.Jan 26 2018, 5:31 AM
Restricted Application added a subscriber: alaa. · View Herald TranscriptJan 26 2018, 5:31 AM
TBolliger moved this task from Older: Tracking Work by Others to Archive on the Community-Tech board.Jan 31 2018, 10:52 PM
Trizek-WMF moved this task from Not ready to announce to Announce in next Tech/News on the User-notice board.Feb 27 2018, 2:45 PM
Trizek-WMF moved this task from Not ready to announce to In current Collaboration Newsletter draft on the User-notice-collaboration board.
Johan moved this task from Announce in next Tech/News to Already announced/Archive on the User-notice board.Mar 2 2018, 8:30 AM
RandomDSdevel awarded a token.Mar 12 2018, 6:44 PM
Trizek-WMF moved this task from In current Collaboration Newsletter draft to Announced in Collaboration Newsletter on the User-notice-collaboration board.Mar 21 2018, 3:41 PM
MarcoAurelio moved this task from Backlog to Done on the MediaWiki-extensions-LoginNotify board.Jun 17 2018, 11:23 AM
Meno25 unsubscribed.Sep 21 2018, 7:47 PM
kostajh closed subtask T34281: MediaWiki needs a sane notification system (tracking) as Resolved.Feb 17 2020, 8:47 AM
Stevietheman unsubscribed.Feb 17 2020, 12:54 PM
AmandaNP added a subtask: T249408: Show useragent data and username on new device login emails.Apr 4 2020, 11:05 AM
Aklapper removed a subtask: T249408: Show useragent data and username on new device login emails.Apr 4 2020, 12:06 PM
Ladsgroup edited projects, added User-notice-archive; removed User-notice.Aug 13 2022, 1:54 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL