Things that should probably have elevated security (i.e. require reauthentication):
- T197137: Editing sitewide JS/CSS pages should require elevated security
- T197150: User right changes should require elevated security
- T194237: bot passwords should call checkLoginSecurityLevel
- T208008: Consumer owner-only oauth proposals should require reauth
- T197158: CheckUser should require elevated security
Other improvements that might be needed to make reauthentication safe / non-annoying:
- T197130: Document MediaWiki elevated security feature
- T168557: "Keep me logged in" check box shouldn't be shown when a logged-in user is being verified
- T197153: Make some providers optional for reauthentication
- T208823: Support asynchronous reauthentication
- T210909: Introduce secure mode to MediaWiki