Seems quite confusing that the triggered login notification (as a result of logging in for this election, or perhaps as a result of failing to login to another part of Wikipedia related to the election) refers to Meta. At first I thought it was related to a fake Facebook account in my name that the "big" Meta is unable to remove or block, but now I think your email has no reference to that Meta. So there is no problem? I hope. But I still think your security email should not create confusion by saying it is from Meta.
Help talk:Login notifications
Appearance
Hi there. The software to tell you about login notifications uses the site's configured name ({{SITENAME}}
), rather than a hand-configured message. There's a message for Meta's name, which is project-localized-name-metawiki
, which displays as "Meta-Wiki" which is less likely to be confused with Meta the company, certainly.
If you think that the Meta community should rename their configured wiki name (e.g. to "Meta-Wiki", like the message), I think that's a reasonable request, but that should be a determination for that community, not the developers, so it'd be best raised at Meta:Babel.
Thanks and sorry I didn't notice your reply earlier--but I mostly don't care about Wikipedia these years. Certainly not enough to pursue the resolution of such a minor confusion.
(Like the confusion about my logged out status. It handled it correctly anyway. I was able to log in without losing the draft.)
i just got a notification, i did not login into my account manually recently, but my app might have done it automatically. my password never leaked as far as i know, i use password manager and change it eventually without any consistency but might have done it in the past 3y or so, and i do not think someone else would even try to login, so i would really like to see the so proposed page with activities! any clues?
...for example, the e-mail should say the IP address, the owner of the IP (based on a "whois" lookup) and the operating system that the user was on, and whether the login was successful or not. (The way that the message is worded, it sounds like the logins were successful, therefore, probably me! But this help article says that the feature is triggered for unsuccessful logins. Multiple unsuccessful logins should result in a message saying how many unsuccessful attempts there were.)
~~~~
I think so.
I agree.-SharabSalam (talk) 09:59, 8 April 2020 (UTC)
I agree.
- The IP address / location would be helpful. I'd like to verify the login attempts are not the result of something going wrong with one of my devices.
- I'd like to understand whether the IP trying to login eventually got blocked. Or are they allowed to continue trying to brute force their way in to my account?
I agree that the number of attempts would be particularly useful, to distinguish between a serious attempt to crack and someone not sure if this was their account name.
Didn't we use to get an email that indicated the IP address from which login attempts were made? That was a very useful thing that helped weed out LTAs. A page teaching me about passwords is of no use.
... I prefer to refer people to the authority on the subject:
https://imgs.xkcd.com/comics/password_strength.png
There is no reason for 'requiring' those strange combinations of upper-case letters and numerals and symbols, just in the (mathematically incorrect) sense that they 'feel' more comfortable. Long passwords, by contrast, are far more secure, even if they are composed exclusively of dictionary words.
Information theory FTW!
Not a useful warning. Wikipedia should include or allow me to access enough information to assess what sort of attack it was. Let me offer three attack scenarios that I could distinguish between. (1) Trivial dictionary attack with nothing but my user name and some frequently used passwords. This would be especially harmless if it was part of a broad attack at many user names. (2) A targeted attack based on one of my actual passwords. This might be a highly personal phishing attack where some other system has been breached and that password is being tested against other systems I might be using. (3) The attack might be based on a breach of Wikipedia itself, where the password they are probing with is a partial match of my actual password. Obviously not a total breach, since that would have avoided any login failure, but perhaps something that allows them to guess highly likely passwords and the failures were incorrect confirmation attempts.
In addition to information about the nature of the login failures, something to help identify a successful breech would be helpful. Right now the only information that comes to mind would be a summary of my edits since the possible attack. I probably can't remember every edit I've made, but I almost surely could recognize weird patterns.
(Why did it MediaWiki apparently log me out? Was that a security thing? Anyway, I don't see any reason not to put my identity on this suggestive feedback (?).)
That's ridiculous, I am logged in Commons and he.wiki. I was able to log in even though my password is only 9 characters but not I cant do it.
Hi, recently I have started to log into my account from a different PC. After the occasion, I kept getting notifications about someone successfully entering my I’d and password. It happens every day and the notification won’t go away, even though I click on it or check it to mark as read. It stays there with gray number. It is really annoying. Can someone suggest anything?
Note: I do not want to change my password
Hi @HastaLaVi2. I'm sorry for the repeated notifications. This is a known bug and we are trying to solve it in task T174220. I'll let you know as soon as we fix it. Thank you.
same here too drew270
This bug has now been fixed. If this happens to you again, please let me know. Thank you for your patience with this.
Yeah, no problem here anymore. Seems that it is ok, thank you.
Alguem pode me informar porque minha conta foi cancelada
Foram detectados problemas com a sua sessão; Esta ação foi cancelada como medida de proteção contra a interceptação de sessões. Experimente usar o botão "Voltar" e atualizar a página de onde veio e tente novamente.