Template:Committed identity

Instructions: to give yourself a committed identity tag, go to this site, and enter in the text box a string that specifies your real-life identity, then click "calculate hash". Then put {{User committed identity|output}} on your user page, where output is the value appearing in the "SHA-1 hash:" box after the hash is calculated. Be sure to note the exact string you enter into the form, in case you need to use it later. It is important that this string be both easily remembered exactly by you and hard to guess by any intruder - if an intruder knows the secret string, then this is useless. One's username is public and guessable; one's password is not a good choice either, as in the event of a compromised account, the password may have been guessed.

To reveal your committed identity to someone, give them the exact string you entered into the box. They can then compute the SHA-1 hash of that same string and verify that it is the same result.

Choosing a good string

1. Your string should not be easy to guess. If you haven't openly declared your real-life identity on Wikipedia, then any string specifying your real-life identity is a good string. If you have openly declared who you are, your string should specify more information that wouldn't be easy to guess. If your string is easy to guess, then the fact that you know the string may not be very persuasive.
2. Your string should specify enough of your identity that, if the string were revealed, you could unambiguously prove you match that identity. For instance, your string could include a telephone number or email address at which you can be reached.
3. Try not to choose a string that represents your identity that could go completely out of date. So, for instance, it may be bad to choose a string that specifies only your telephone number as your number might change.
4. If you want to change your string, do so, but keep track of all your old secret strings. It is best to reveal all of them if you ever want to confirm your identity, as this will establish that you are the same person who used your account from the first moment the committed identity was published.
5. Your string should not be short: at least 15 characters. A dedicated attacker could, by brute force, try strings until they find your secret string, but if your string is long enough, that attack would take too long to be practical. If your string is at least 15 characters long, there are around 10²⁷ strings of that length, or a thousand trillion trillion (and that's just counting alphanumeric strings with spaces).

Why?

The intended use of this template is to help in the (hopefully unlikely) event that your account is compromised. If you published your real-life identity, then that identity could be used to reestablish contact with you if your account were compromised (keep in mind, contact cannot be established with you through your account, since it may be under the control of someone else). However, many Wikipedia users do not disclose their real-life identities, or disclose little enough of them that it may be difficult to establish their identity.

This is not a replacement for having a strong password. You should still do everything you can to prevent your account being compromised, including using a strong password and remembering to log yourself out when using a computer others may have access to. But even if you do everything right, it is still possible that your account could become corrupted, for instance, via a trojan horse or a brute-force attack on your password.

This template categorizes pages it is used on into Category:Wikipedians with committed identities.