Board Thread:General Discussion/@comment--20150810171627/@comment-434561-20150810200646

DaNASCAT wrote:

Hello,

I just want to address some of the points already addressed in the replies to this thread.

First and foremost, there are a lot of suggestions included on this thread about how to mitigate this particular exploit. They are very good, solid ones. However, each one would require a good amount of engineering time, and each has a fallback. For instance, 2FA is totally something that would strengthen security. But it would also cause more log-in issues and maybe detract some people from joining Wikia. The more steps you put in the registration process, the more likely it is for someone to feel it's not worth it (and joining Wikia is worth it!).

... Every major service that offers 2FA has it as a recommended option. For some examples, see Google, Facebook, Outlook.com, Dropbox, GitHub. You don't need to have it to register, but it should be available for those who want it, and visible (via usergroup or whatever) so communities can enforce it for their admins.

DaNASCAT wrote:

... The specific feedback is that it is unnecessary to transclude the login form on every page. Great news! We agree with that. For a long time, Wikia has been working on our backend for a new log-in and user registration system called Helios. It's built outside of the traditional MediaWiki architecture, which allows us to avoid a lot of the traps MediaWiki architecture has put us in. We have been slowly rolling out parts of Helios after testing. Unfortunately, this vulnerability was exploited before we were able to provide a closure that would maintain similar functionality. That's truly regrettable, but only drives us more to improve this system as a whole. In the meantime you can replace the form with a link to Special:UserLogin, so JS can be re-enabled.