On Tue, Feb 4, 2014 at 11:20 PM, MZMcBride <z(a)mzmcbride.com> wrote:
General consensus (on this mailing list and at the
RFC) seems to be that
we can certainly encourage stronger passwords, but we should not require
stronger passwords for standard accounts. Accounts with escalated
privileges (admin, checkuser, etc.) should likely be treated differently.
That does not seem to be the consensus to me. I see several people with
expertise in this area (Chris Steipp, Ryan Lane, others) recommending that
this is the least we should do. I think we should leave determining
consensus up to the people who will close the RFC.