Wikipedia:Administrators' newsletter/2019/1

Technical news

• Starting on December 13, the Wikimedia Foundation security team implemented new password policy and requirements. Privileged accounts (administrators, bureaucrats, checkusers, oversighters, interface administrators, bots, edit filter managers/helpers, template editors, et al.) must have a password at least 10 characters in length. All accounts must have a password:

1. At least 8 characters in length
2. Not in the 100,000 most popular passwords (defined by the Password Blacklist library)
3. Different from their username

User accounts not meeting these requirements will be prompted to update their password accordingly. More information is available on MediaWiki.org.

• Blocked administrators may now block the administrator that blocked them. This was done to mitigate the possibility that a compromised administrator account would block all other active administrators, complementing the removal of the ability to unblock oneself outside of self-imposed blocks. A request for comment is currently in progress to determine whether the blocking policy should be updated regarding this change.
• {{
  RevDel
  checkboxes already filled in.

Arbitration

• Following the 2018 Arbitration Committee elections, the following editors have been appointed to the Arbitration Committee: AGK, Courcelles, GorillaWarfare, Joe Roe, Mkdw, SilkTork.

Miscellaneous

• Accounts continue to be compromised on a regular basis. Evidence shows this is entirely due to the accounts having the same password that was used on another website that suffered a data breach. If you have ever used your current password on any other website, you should change it immediately.
• Around 22% of admins have enabled
  doing so. Regardless of whether you use 2FA, please practice appropriate account security by ensuring your password is secure
  and unique to Wikimedia.