Board Thread:General Discussion/@comment-168424-20151021215226/@comment-5065259-20160708230818

Ciencia Al Poder wrote:

Dessamator wrote: Also, MediaWiki's default login system wasn't really all that great either. They  seem to have upgraded it  recently. See rationale, and tasks: They improved the login mechanism so extensions have now more control to extend it, like integrating 2FA, or doing external authentication like login with an LDAP or OAuth, not that it had any security issue. How passwords are stored in the database wasn't modified as part of this, but on MediaWiki 1.24 where stored passwords were salted and hashed with sha256 instead of the more insecure md5. This means upgrading wikia would give stronger password encryption and probably a much nicer way to integrate failbook accounts. despite this being an old thread, staff's not going to upgrade mediawiki anytime soon or really ever