**Wikipedia Owners Crack Down on Security: Two-Factor Authentication Requirement for High-Privilege Users**
In a significant move to boost security measures, the Wikimedia Foundation, the non-profit organization that owns Wikipedia, has announced plans to require two-factor authentication (2FA) for users with high-level privileges starting in late May. This decision comes after a staggering 35,893 accounts across all Foundation-owned sites were compromised due to password vulnerabilities.
**The Breach: A Pattern of Unusual Log-Ins**
In March, the Wikimedia Foundation announced that it had locked over 35,000 accounts following an investigation into suspicious log-ins. The foundation suspected that the breaches were caused by "credential stuffing," a technique in which attackers take username and password pairs stolen from one site and try them against other websites, succeeding wherever a user has reused the same password. The compromised accounts, including those of low-activity users with only two edits, were identified by profile settings they had in common, such as email addresses and time zones.
**Increased Security Measures**
The foundation has been working to strengthen security measures in response to previous hacking incidents. In 2018, multiple admin accounts were compromised, leading to vandalism on Wikipedia articles. The Wikimedia Foundation adopted stricter password requirements after the incident, but this latest breach highlights the need for further improvement. Two-factor authentication will be required for users with significant privileges, including checkusers and oversighters, who can access private account information.
**Expanding Accessibility and Security**
The foundation has announced plans to expand the accessibility and security of its 2FA capabilities, such as allowing users to set up multiple authenticators and supporting modern phishing-resistant methods like security keys and passkeys. Currently, two-factor authentication is only available to users with privileged access, but the foundation intends to investigate enabling the option for all users.
**Community Input and Implementation**
The Wikimedia Foundation has invited community input on the proposed 2FA requirements, which were published on May 6. The implementation date is set for May 20. Community members have expressed concerns about the impact of increased security measures on user experience. However, the foundation emphasizes that the new requirements will make it easier for users to protect their accounts and prevent unauthorized access.
**A History of Hacking Incidents**
The Wikimedia Foundation has faced significant challenges in recent years due to hacking incidents. In 2018, multiple admin accounts were compromised, leading to vandalism on Wikipedia articles. The incident led to changes in password requirements and stricter practices for admins who violate the site's password policy. The foundation is committed to improving security measures to prevent similar breaches in the future.
**A Call to Action**
As the Wikimedia Foundation continues to work towards improved security measures, it is essential that users take steps to protect their accounts. Two-factor authentication can significantly reduce the risk of unauthorized access, and the foundation's efforts to expand accessibility and security will make this option available to all users in the near future.
**Conclusion**
The recent breach on Wikipedia has highlighted the need for increased security measures. The Wikimedia Foundation's decision to require two-factor authentication for high-privilege users is a significant step towards improving security and protecting user accounts. By expanding accessibility and security, the foundation aims to create a safer and more secure environment for all users.