 | This is aninformation page. It is neither anencyclopedia article nor one ofWikipedia's policies or guidelines; rather, its purpose is to explain certain aspects of Wikipedia's norms, customs, technicalities, or practices. It may reflect differing levels ofconsensus andvetting. |
 | This page in a nutshell: Failing to use a sensible password can lead to temporary loss of editing access and may lead to permanent loss of privileged access. |
All registered users have to log in using apassword before they can edit using their usernames. Passwords help ensure that someone does not masquerade as another editor. Editors should use astrong password to avoid being blocked for bad edits by someone who guesses or "cracks" other editors' passwords. Users may access their account'spreferences to change their password.
Password strength requirements are explained in thepassword policy. For normal users, those requirements are enforced when an account is created and when a password is changed.
You should have a password that:
Do this, and your password is likely to bereasonably strong. The burden of using sufficiently strong passwords lies on you, the user. What this means is that if your account is compromised (for any reason), this will be treated as you not having used a sufficiently strong password.
Avoid linking to external sites from your user page and user talk pages, since this reveals a connection that can be used in an attempt to take over your Wikipedia user account.
If you need to use a public computer or connect your own computer to a public Wi-Fi network, consider establishing an alternative account (seeWP:VALIDALT for important instructions and limitations) since malicious software or hardware couldcapture your password.
Accounts that appear to have been compromised may be blocked without warning; administrators will generally not unblock such accounts without evidence that their rightful owners solely control them.
Never, ever, share your password. Accounts with advanced permissions risk their permissions being revoked or account blocked due to violation of community trust andstandards on account sharing.
Click on "Preferences" at the top right-hand corner of the page and then click the "Change Password" button on the "User Profile" tab to access theSpecial:ChangePassword page.
Through thenotification system, you will be alerted when someone attempts and fails to log in to your account. Multiple alerts are bundled into one for an attempt from a new device/IP, but for a known device/IP, you get one alert for every 5 attempts.
If you receive this notification, don't worry! Your account is still secure. But even if you do have a strong password, you may want to change your password anyway, if you suspect that someone else has tried to access your account.
Information on what to do when your account has been compromised can be found atWikipedia:Compromised accounts § After being compromised.
In a nutshell, you can help Wikipedia block access to the account and prevent malicious behavior. Do not expect to be able to regain control of the account.
Wikipedia's "Log out" link logs out all the user's current sessions. If a logged-in device is lost or stolen, changing the password and logging out on another device may help to prevent future abuse of the account on the lost device.
On Wikipedia, only certain users (includingadministrators) can perform some actions. It is especially important that these privileged editors have strong passwords. Administrators,bureaucrats,checkusers,stewards andoversighters discovered to haveweak passwords, or to have had their accounts compromised by a malicious person, may have their accounts blocked and their privileges removed on grounds of site security. In certain circumstances, the revocation of privileges may be permanent. Discretion on resysopping temporarilydesysopped administrators is left to theArbitration Committee, provided they can determine that the administrator is back in control of the previously compromised account.
Two-factor authentication (2FA) strengthens the security of your user account by requiring more than just a password to access your account. As ofDecember 2025, 2FA is available to all registered users on Wikimedia projects. For instructions on how to enable and manage 2FA for your account, seemeta:Help:Two-factor_authentication.
For informal advice on personal security, including passwords, seeWikipedia:Personal security practices.
Users are encouraged toprovide an email address intheir preferences, as this enables them to reset their password via email if necessary. (Providing an email address also makes possible communications with other users via email; this can be disabled in preferences by unchecking the option "allow other users to email me".) Email alerts generated by theWikipedia:Notifications system can also be sent to your email address, such as "failed login attempts" and "login from an unfamiliar device" notifications (these two messages are on by default, but are configurable in thenotifications preferences).