359:(2FA) is a way of strengthening the security of your account. If you enable two-factor authentication, every time you log in you will be asked for a one-time six-digit number in addition to your password. This number can be provided by an app on your smartphone or other authentication device (called a TOTP client). In order to login you must know your password and have your authentication device available to generate the code.
372:
251:
42:
127:
426:, as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communications with other users via email; this can be disabled in preferences by unchecking the option "allow other users to email me".) Email alerts generated by the
333:, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarily
300:
Knowledge (XXG)'s "Log out" link logs out all the user's current sessions. If a logged-in device is lost or stolen, changing the password and logging out on another device may help to prevent future abuse of the account on the lost device.
270:
If you receive this notification, don't worry! Your account is still secure. But even if you do have a strong password, you may want to change your password anyway, if you suspect that someone else has tried to access your account.
266:
system, you will be alerted when someone attempts and fails to log in to your account. Multiple alerts are bundled into one for an attempt from a new device/IP, but for a known device/IP, you get one alert for every 5 attempts.
193:. The burden of using sufficiently strong passwords lies on you, the user. What this means is that if your account is compromised (for any reason), this will be treated as you not having used a sufficiently strong password.
931:
926:
872:
381:. If you lose or have a problem with your TOTP client you will be locked out of your account unless you have access to these codes. Once locked out, regaining access to your account may not be possible.
489:
484:
479:
474:
469:
210:
Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them.
1099:
430:
system can also be sent to your email address, such as "failed login attempts" and "login from an unfamiliar device" notifications (these two messages are on by default, but are configurable in the
391:
This action is currently limited to administrators, bureaucrats, oversighters, checkusers, edit filter managers, template editors and interface administrators. Other users may request 2FA at
1186:
1063:
1027:
196:
Avoid linking to external sites from your user page and user talk pages, since this reveals a connection that can be used in an attempt to take over your
Knowledge (XXG) user account.
1075:
1015:
679:
494:
1123:
979:
943:
392:
967:
722:
619:
1264:
689:
1087:
1039:
955:
521:
292:
In a nutshell, you can help
Knowledge (XXG) block access to the account and prevent malicious behavior. Do not expect to be able to regain control of the account.
1111:
778:
1326:
717:
1306:
1404:
647:
448:
65:; rather, its purpose is to explain certain aspects of Knowledge (XXG)'s norms, customs, technicalities, or practices. It may reflect differing levels of
1051:
744:
1269:
228:
Click on "Preferences" at the top right-hand corner of the page and then click the "Change
Password" button on the "User Profile" tab to access the
804:
657:
571:
412:
1399:
1070:
991:
816:
1210:
199:
If you need to use a public computer or connect your own computer to a public Wi-Fi network, consider establishing an alternative account (see
1094:
739:
145:
before they can edit using their usernames. Passwords help ensure that someone does not masquerade as another editor. Editors should use a
1205:
921:
566:
1353:
1198:
1135:
1003:
551:
62:
1170:
1158:
862:
852:
514:
896:
1246:
751:
338:
216:. Accounts with advanced permissions risk their permissions being revoked or account blocked due to violation of community trust and
135:
Failing to use a sensible password can lead to temporary loss of editing access and may lead to permanent loss of privileged access.
1321:
1316:
1130:
1058:
790:
684:
286:
280:
58:
1336:
1301:
1251:
1217:
1373:
1294:
1227:
1222:
1046:
1022:
998:
950:
908:
884:
800:
667:
561:
543:
531:
458:
313:) can perform some actions. It is especially important that these privileged editors have strong passwords. Administrators,
662:
399:
350:
1358:
1010:
809:
795:
734:
614:
507:
50:
1311:
1118:
974:
938:
857:
821:
707:
609:
443:
217:
674:
1289:
1281:
1153:
831:
826:
773:
535:
310:
185:
is not used on any other website – websites periodically get hacked, with user information leaked onto the internet
1256:
962:
626:
463:
427:
263:
356:
1363:
847:
766:
631:
341:, provided they can determine that the administrator is back in control of the previously compromised account.
169:. For normal users, those requirements are enforced when an account is created and when a password is changed.
1343:
1193:
1165:
891:
592:
419:
1237:
1082:
1034:
986:
712:
314:
245:
229:
1368:
1348:
1181:
1177:
867:
785:
727:
576:
326:
318:
70:
66:
556:
1106:
879:
200:
182:
avoids dictionary words, given or last names, or personal information (date of birth, cat's name, etc.)
80:
761:
1378:
322:
913:
602:
431:
423:
255:
241:
453:
330:
204:
190:
150:
146:
1331:
756:
154:
250:
166:
28:
597:
17:
203:
for important instructions and limitations) since malicious software or hardware could
377:
During your enrollment you will be presented with a series of one-time scratch codes.
1393:
499:
285:
Information on what to do when your account has been compromised can be found at
402:
for step-by-step directions, cautions, and information about this feature.
334:
142:
27:"WP:PASSWORD" redirects here. For the policy on password strength, see
490:
Knowledge (XXG):Knowledge (XXG) Signpost/2015-11-11/Discussion report
485:
Knowledge (XXG):Knowledge (XXG) Signpost/2010-08-02/Technology report
480:
Knowledge (XXG):Knowledge (XXG) Signpost/2007-05-07/Admins desysopped
475:
Knowledge (XXG):Knowledge (XXG) Signpost/2006-12-18/Technology report
470:
Knowledge (XXG):Knowledge (XXG) Signpost/2006-02-06/Password security
411:
For informal advice on personal security, including passwords, see
249:
149:
to avoid being blocked for bad edits by someone who guesses or "
503:
366:
287:
Knowledge (XXG):Compromised accounts § After being compromised
121:
36:
153:" other editors' passwords. Users may access their account's
258:
alerting a user of a failed login attempt from a new device
176:
is at least eight characters (ten for privileged accounts)
495:
Knowledge (XXG):Village pump (proposals)/Account security
179:
has a mixture of upper and lowercase letters and numbers
109:
102:
95:
88:
165:
Password strength requirements are explained in the
1280:
1236:
1146:
907:
840:
698:
640:
585:
542:
309:On Knowledge (XXG), only certain users (including
275:What to do when your account has been compromised
296:What to do when your device has been compromised
449:Knowledge (XXG):Password strength requirements
515:
379:You should safely store a copy of these codes
8:
141:All registered users have to log in using a
413:Knowledge (XXG):Personal security practices
189:Do this, and your password is likely to be
680:On privacy, confidentiality and discretion
522:
508:
500:
242:Help:Notifications § Failed login attempts
63:Knowledge (XXG)'s policies or guidelines
1405:Knowledge (XXG) user account security
620:Usernames for administrator attention
387:To set up two-factor authentication:
7:
281:Knowledge (XXG):Compromised accounts
393:Steward requests/Global permissions
745:UTRS Unblock Ticket Request System
459:Knowledge (XXG):Committed identity
25:
1400:Knowledge (XXG) information pages
172:You should have a password that:
370:
214:Never, ever, share your password
125:
40:
34:Knowledge (XXG) information page
1307:Editorial oversight and control
444:Knowledge (XXG):Blocking policy
371:
345:Two-factor authentication (2FA)
648:Password strength requirements
400:Help:Two-factor authentication
355:Wikimedia's implementation of
351:Help:Two-factor authentication
337:administrators is left to the
1:
464:Knowledge (XXG):FAQ/Technical
428:Knowledge (XXG):Notifications
218:standards on account sharing
658:Personal security practices
572:IP addresses are not people
246:mw:Help:Login notifications
1421:
348:
278:
239:
157:to change their password.
78:
26:
740:Guide to appealing blocks
663:Two-factor authentication
466:(how to recover password)
432:notifications preferences
357:two-factor authentication
1095:Pending changes reviewer
922:Requests for permissions
699:Blocks, bans, sanctions,
420:provide an email address
418:Users are encouraged to
133:This page in a nutshell:
18:Knowledge (XXG):Security
1354:Policies and guidelines
1206:Interface administrator
1136:Volunteer Response Team
544:Unregistered (IP) users
863:Vandalism-only account
853:Single-purpose account
552:Why create an account?
259:
230:Special:ChangePassword
224:Changing your password
1247:Arbitration Committee
752:Blocking IP addresses
653:User account security
339:Arbitration Committee
253:
236:Failed login attempts
205:capture your password
1317:Wikimedia Foundation
1147:Advanced user groups
1131:Global rights policy
690:How to not get outed
685:Compromised accounts
627:Unified login or SUL
59:encyclopedic article
29:meta:Password policy
1302:Formal organization
1252:Bot approvals group
1194:Edit filter manager
1059:Mass message sender
841:Related to accounts
329:discovered to have
1374:Dispute resolution
1023:Extended confirmed
999:Edit filter helper
927:Admin instructions
914:global user groups
885:Courtesy vanishing
801:Contentious topics
791:Personal sanctions
675:Committed identity
562:Request an account
305:Privileged editors
260:
1387:
1386:
1071:New page reviewer
1011:Event coordinator
796:General sanctions
735:Appealing a block
632:Alternate account
615:Changing username
567:IPs are human too
557:Create an account
454:Password strength
424:their preferences
385:
384:
191:reasonably strong
139:
138:
120:
119:
16:(Redirected from
1412:
951:(Auto) confirmed
817:Indef ≠ infinite
641:Account security
586:Registered users
530:Knowledge (XXG)
524:
517:
510:
501:
374:
373:
367:
129:
128:
122:
112:
105:
98:
91:
51:information page
44:
43:
37:
21:
1420:
1419:
1415:
1414:
1413:
1411:
1410:
1409:
1390:
1389:
1388:
1383:
1312:Quality control
1276:
1232:
1142:
1119:Template editor
1047:IP block exempt
975:AutoWikiBrowser
939:Account creator
903:
858:Sleeper account
836:
822:Long-term abuse
708:Blocking policy
694:
636:
610:Username policy
603:Reset passwords
581:
538:
528:
440:
409:
365:
353:
347:
307:
298:
283:
277:
248:
238:
226:
167:password policy
163:
147:strong password
126:
116:
115:
108:
101:
94:
87:
83:
75:
74:
41:
35:
32:
23:
22:
15:
12:
11:
5:
1418:
1416:
1408:
1407:
1402:
1392:
1391:
1385:
1384:
1382:
1381:
1376:
1371:
1366:
1361:
1356:
1351:
1346:
1341:
1340:
1339:
1334:
1329:
1327:Founder's seat
1324:
1314:
1309:
1304:
1299:
1298:
1297:
1290:Administration
1286:
1284:
1278:
1277:
1275:
1274:
1273:
1272:
1267:
1259:
1254:
1249:
1243:
1241:
1234:
1233:
1231:
1230:
1225:
1220:
1215:
1214:
1213:
1203:
1202:
1201:
1191:
1190:
1189:
1175:
1174:
1173:
1163:
1162:
1161:
1150:
1148:
1144:
1143:
1141:
1140:
1139:
1138:
1128:
1127:
1126:
1116:
1115:
1114:
1104:
1103:
1102:
1092:
1091:
1090:
1080:
1079:
1078:
1068:
1067:
1066:
1056:
1055:
1054:
1044:
1043:
1042:
1032:
1031:
1030:
1020:
1019:
1018:
1008:
1007:
1006:
996:
995:
994:
984:
983:
982:
972:
971:
970:
960:
959:
958:
948:
947:
946:
936:
935:
934:
929:
918:
916:
911:
905:
904:
902:
901:
900:
899:
889:
888:
887:
877:
876:
875:
865:
860:
855:
850:
844:
842:
838:
837:
835:
834:
832:Global actions
829:
827:Standard offer
824:
819:
814:
813:
812:
807:
798:
793:
783:
782:
781:
779:ArbCom appeals
774:Banning policy
771:
770:
769:
764:
759:
749:
748:
747:
742:
732:
731:
730:
725:
720:
715:
704:
702:
701:global actions
700:
696:
695:
693:
692:
687:
682:
677:
672:
671:
670:
660:
655:
650:
644:
642:
638:
637:
635:
634:
629:
624:
623:
622:
617:
607:
606:
605:
595:
589:
587:
583:
582:
580:
579:
574:
569:
564:
559:
554:
548:
546:
540:
539:
529:
527:
526:
519:
512:
504:
498:
497:
492:
487:
482:
477:
472:
467:
461:
456:
451:
446:
439:
436:
408:
405:
404:
403:
396:
383:
382:
375:
364:
361:
346:
343:
331:weak passwords
311:administrators
306:
303:
297:
294:
276:
273:
237:
234:
225:
222:
187:
186:
183:
180:
177:
162:
159:
137:
136:
130:
118:
117:
114:
113:
106:
99:
92:
84:
79:
76:
56:
55:
47:
45:
33:
24:
14:
13:
10:
9:
6:
4:
3:
2:
1417:
1406:
1403:
1401:
1398:
1397:
1395:
1380:
1377:
1375:
1372:
1370:
1367:
1365:
1362:
1360:
1357:
1355:
1352:
1350:
1347:
1345:
1342:
1338:
1335:
1333:
1330:
1328:
1325:
1323:
1320:
1319:
1318:
1315:
1313:
1310:
1308:
1305:
1303:
1300:
1296:
1293:
1292:
1291:
1288:
1287:
1285:
1283:
1279:
1271:
1270:ArbCom clerks
1268:
1266:
1263:
1262:
1260:
1258:
1257:Functionaries
1255:
1253:
1250:
1248:
1245:
1244:
1242:
1239:
1235:
1229:
1226:
1224:
1221:
1219:
1216:
1212:
1209:
1208:
1207:
1204:
1200:
1197:
1196:
1195:
1192:
1188:
1185:
1184:
1183:
1179:
1176:
1172:
1169:
1168:
1167:
1164:
1160:
1157:
1156:
1155:
1154:Administrator
1152:
1151:
1149:
1145:
1137:
1134:
1133:
1132:
1129:
1125:
1122:
1121:
1120:
1117:
1113:
1110:
1109:
1108:
1105:
1101:
1098:
1097:
1096:
1093:
1089:
1086:
1085:
1084:
1081:
1077:
1074:
1073:
1072:
1069:
1065:
1062:
1061:
1060:
1057:
1053:
1050:
1049:
1048:
1045:
1041:
1038:
1037:
1036:
1033:
1029:
1026:
1025:
1024:
1021:
1017:
1014:
1013:
1012:
1009:
1005:
1002:
1001:
1000:
997:
993:
990:
989:
988:
985:
981:
978:
977:
976:
973:
969:
966:
965:
964:
963:Autopatrolled
961:
957:
954:
953:
952:
949:
945:
942:
941:
940:
937:
933:
930:
928:
925:
924:
923:
920:
919:
917:
915:
910:
906:
898:
895:
894:
893:
890:
886:
883:
882:
881:
878:
874:
871:
870:
869:
866:
864:
861:
859:
856:
854:
851:
849:
846:
845:
843:
839:
833:
830:
828:
825:
823:
820:
818:
815:
811:
808:
806:
802:
799:
797:
794:
792:
789:
788:
787:
784:
780:
777:
776:
775:
772:
768:
765:
763:
760:
758:
755:
754:
753:
750:
746:
743:
741:
738:
737:
736:
733:
729:
726:
724:
721:
719:
718:Admin's guide
716:
714:
711:
710:
709:
706:
705:
703:
697:
691:
688:
686:
683:
681:
678:
676:
673:
669:
666:
665:
664:
661:
659:
656:
654:
651:
649:
646:
645:
643:
639:
633:
630:
628:
625:
621:
618:
616:
613:
612:
611:
608:
604:
601:
600:
599:
596:
594:
591:
590:
588:
584:
578:
575:
573:
570:
568:
565:
563:
560:
558:
555:
553:
550:
549:
547:
545:
541:
537:
533:
525:
520:
518:
513:
511:
506:
505:
502:
496:
493:
491:
488:
486:
483:
481:
478:
476:
473:
471:
468:
465:
462:
460:
457:
455:
452:
450:
447:
445:
442:
441:
437:
435:
433:
429:
425:
421:
416:
414:
406:
401:
397:
394:
390:
389:
388:
380:
376:
369:
368:
362:
360:
358:
352:
344:
342:
340:
336:
332:
328:
324:
320:
316:
312:
304:
302:
295:
293:
290:
288:
282:
274:
272:
268:
265:
257:
252:
247:
243:
235:
233:
231:
223:
221:
219:
215:
211:
208:
206:
202:
197:
194:
192:
184:
181:
178:
175:
174:
173:
170:
168:
160:
158:
156:
152:
148:
144:
134:
131:
124:
123:
111:
107:
104:
100:
97:
93:
90:
86:
85:
82:
77:
72:
68:
64:
61:, nor one of
60:
57:It is not an
54:
52:
46:
39:
38:
30:
19:
1364:Noticeboards
1344:WikiProjects
897:Quiet return
848:Sockpuppetry
767:Open proxies
757:Range blocks
652:
417:
410:
386:
378:
354:
327:oversighters
308:
299:
291:
284:
269:
264:notification
262:Through the
261:
256:notification
227:
213:
212:
209:
198:
195:
188:
171:
164:
140:
132:
48:
1240:and related
932:Admin guide
909:User groups
892:Clean start
668:2FA for AWB
593:New account
349:Main page:
315:bureaucrats
279:Main page:
201:WP:VALIDALT
155:preferences
103:WP:PASSWORD
89:WP:SECURITY
49:This is an
1394:Categories
1282:Governance
1265:SPI clerks
1238:Committees
1228:Researcher
1166:Bureaucrat
1083:Page mover
1035:File mover
598:Logging in
536:governance
335:desysopped
319:checkusers
240:See also:
161:In general
1369:Consensus
1359:Petitions
1349:Elections
1337:Proposals
1332:Meta-Wiki
1182:Oversight
1178:CheckUser
868:Wikibreak
786:Sanctions
728:Autoblock
577:IP hopper
363:Enrolling
96:WP:SECURE
81:Shortcuts
67:consensus
1223:Importer
1107:Rollback
880:Retiring
873:Enforcer
532:accounts
438:See also
395:on Meta.
323:stewards
143:password
1379:Reforms
1261:Clerks
1218:Founder
1211:Request
1199:Request
1187:Request
1052:Request
1004:Request
992:Request
71:vetting
244:, and
232:page.
151:cracks
110:WP:UAS
1322:Board
810:Essay
723:Tools
407:Notes
1180:and
1124:PERM
1112:PERM
1100:PERM
1088:PERM
1076:PERM
1064:PERM
1040:PERM
1028:PERM
1016:PERM
980:PERM
968:PERM
956:PERM
944:PERM
912:and
803:and
762:IPv6
534:and
398:See
325:and
69:and
1295:FAQ
1171:RfB
1159:RfA
987:Bot
805:Log
713:FAQ
434:).
422:in
1396::
415:.
321:,
317:,
289:.
254:A
220:.
207:.
523:e
516:t
509:v
73:.
53:.
31:.
20:)
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.