Wikipedia:Bots/Requests for approval/PasswordBot


 * The following discussion is an archived debate. Please do not modify it. Subsequent comments should be made in a new section. The result of the discussion was Symbol delete vote.svg Denied.

PasswordBot
Operator: ST47 Talk

Automatic or Manually Assisted: Makes no edits.

Programming Language(s): Perl, Perlwikipedia

Function Summary: I have no idea how this will be received. In light of last night's incident, I want to run a bot that checks common passwords against accounts of administrators, bots, and perhaps prominent users. More information below.

Edit period(s) (e.g. Continuous, daily, one time run): Probably monthly on a set of 10 common passwords, and whenever I feel like running it.

Edit rate requested: 1 edit per eternity

Already has a bot flag (Y/N): N/A

Function Details: OK. On the technical side, essentially the bot just logs in again and again, waiting for a success. It's configured to do 5 users then wait 5 seconds, and when it gets a hit, it's set to output the user's name. On the other side, I would then email the admin/bot/user with a thing on password security, telling them that a bot determined that their password was one of a list of 10 common passwords, and to choose one with letters, numbers, mixed case, punctuation. These letters would be personalized.

Discussion
When doing this, keep in mind that if I don't do this, someone else is going to, and that's going to be someone malicious. It looks like they already did, and IMO it's a matter of time before someone else tries with a larger list. Opinions? ST47 Talk 10:16, 7 May 2007 (UTC)
 * Technically, you don't need approval for this, as it doesn't edit. That said, I think that the community probably needs to be consulted - could you make a post at VPP, directing people here please?  Thanks, Martinp23 11:00, 7 May 2007 (UTC)

I don't like the sound of this. Regular users shouldn't be attempting to access others' accounts, even with good intentions. This is a job best left to the devs imho. --kingboyk 11:12, 7 May 2007 (UTC)
 * Please see Administrators%27_noticeboard. --kingboyk 12:37, 7 May 2007 (UTC)

According to ANI, Brion is going to run a password cracker directly on the database. I think that, for now, the privacy implications of approving a bot like this are too great, so I am denying the request. If you want it to be considered in future, please first get appropriate community consensus from the appropriate noticeboards, and permission from the foundation (which will probably be neccessary for an issue like this). Martinp23 15:26, 7 May 2007 (UTC)


 * The above discussion is preserved as an archive of the debate. Please do not modify it. Subsequent comments should be made in a new section.