Jump to content

Password policies

This is a list of the effective password policies for the user groups defined in this wiki.

GroupPolicies
Edit filter managers
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Edit filter helpers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Account creators
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Autoconfirmed users
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Autopatrolled
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Bots
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Bureaucrats
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Checkusers
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Temporary account IP viewers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Confirmed users
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Copyright violation bots
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Event coordinators
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Extended confirmed users
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Page movers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
File movers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Founder
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Importers
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Interface administrators
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
IP block exemptions
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Mass message senders
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Users blocked from the IP Information tool
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
New page reviewers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Researchers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Pending changes reviewers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Rollbackers
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Stewards
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
Oversighters
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Administrators
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Template editors
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Transwiki importers
(list of members)
  • Password must be at least 10 characters long (MinimalPasswordLength) (suggest change on login, must change on login)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)
  • Password must be at least 1 character long to be able to login (MinimumPasswordLengthToLogin)
Users
(list of members)
  • Password must be at least 8 characters long (MinimalPasswordLength)
  • Password cannot be a substring within the username (PasswordCannotBeSubstringInUsername) (suggest change on login)
  • Password cannot match a specific list of default passwords (PasswordCannotMatchDefaults) (suggest change on login)
  • Password must be less than 4,096 characters long (MaximalPasswordLength) (suggest change on login)
  • Password cannot be in the list of 100,000 most commonly used passwords. (PasswordNotInCommonList) (suggest change on login)
  • Password policy for mitigation of known attacks where disclosure of details would impede the mitigation (BlockAttacker)