User talk:NaomiAmethyst/Archives/2019/May

ArbCom 2019 special circular

Administrators must secure their accounts The Arbitration Committee may require a new RfA if your account is compromised. Use strong, unique passwords for your Wikipedia account and associated email Change your password now if your Wikipedia account password or email password is reused on another website, exposed, or weak Enable two-factor authentication now for improved security

View additional information

Why have I received this message? All administrators are receiving it. What prompted you to send this message? Recently, several Wikipedia admin accounts were compromised. The admin accounts were desysopped on an emergency basis. In the past, the Committee often resysopped admin accounts as a matter of course once the admin was back in control of their account. The committee has updated its guidelines. Admins may now be required to undergo a fresh Request for Adminship (RfA) after losing control of their account. What do I need to do? Only to follow the instructions in this message. Check that your password is unique (not reused across sites). Check that your password is strong (not simple or guessable). Enable Two-factor authentication (2FA), if you can, to create a second hurdle for attackers. How can I find out more about two-factor authentication (2FA)? You can find out more about 2FA at m:2FA.

This message was sent to all administrators following a recent motion. Thank you for your attention. For the Arbitration Committee, Cameron11598 02:39, 4 May 2019 (UTC)

Administrator account security (Correction to Arbcom 2019 special circular)

ArbCom would like to apologise and correct our previous mass message in light of the response from the community.

Since November 2018, six administrator accounts have been compromised and temporarily desysopped. In an effort to help improve account security, our intention was to remind administrators of existing policies on account security — that they are required to "have strong passwords and follow appropriate personal security practices." We have updated our procedures to ensure that we enforce these policies more strictly in the future. The policies themselves have not changed. In particular, two-factor authentication remains an optional means of adding extra security to your account. The choice not to enable 2FA will not be considered when deciding to restore sysop privileges to administrator accounts that were compromised.

We are sorry for the wording of our previous message, which did not accurately convey this, and deeply regret the tone in which it was delivered.

For the Arbitration Committee, -Cameron11598 21:03, 4 May 2019 (UTC)

Administrators' newsletter – May 2019

News and updates for administrators from the past month (April 2019).

Administrator changes HickoryOughtShirt?4 • RexxS Necrothesp Bratsche • Kyle Barbour • Kzollman • Madman Interface administrator changes Pharos

Bureaucrat changes Primefac CheckUser changes Reaper Eternal

Guideline and policy news

• A request for comment concluded that creating pages in the portal namespace should be restricted to autoconfirmed users.
• Following a request for comment, the subject-specific notability guideline for pornographic actors and models (WP:PORNBIO) was removed; in its place, editors should consult WP:ENT and WP:GNG.

Technical news

• XTools Admin Stats, a tool to list admins by administrative actions, has been revamped to support more types of log entries such as AbuseFilter changes. Two additional tools have been integrated into it as well: Steward Stats and Patroller Stats.

Arbitration

• In response to the continuing compromise of administrator accounts, the Arbitration Committee passed a motion amending the procedures for return of permissions (diff). In such cases, the committee will review all available information to determine whether the administrator followed "appropriate personal security practices" before restoring permissions; administrators found failing to have adequately done so will not be resysopped automatically. All current administrators have been notified of this change.
• Following a formal ratification process, the arbitration policy has been amended (diff). Specifically, the two-thirds majority required to remove or suspend an arbitrator now excludes (1) the arbitrator facing suspension or removal, and (2) any inactive arbitrator who does not respond within 30 days to attempts to solicit their feedback on the resolution through all known methods of communication.

Miscellaneous

• A request for comment is currently open to amend the community sanctions procedure to exclude non XfD or CSD deletions.
• A proposal to remove pre-2009 indefinite IP blocks is currently open for discussion.

---

• Discuss this newsletter
• Subscribe
• Archive

Sent by MediaWiki message delivery (talk) 00:37, 5 May 2019 (UTC)