Tell users to use a unique password when creating an account and changing their password
Closed, ResolvedPublic


On it was suggested by User:°, that the instructions for creating an account/changing password, should instruct users to use a unique password, and not share across multiple websites.

Event Timeline

Bawolff raised the priority of this task from to Low.
Bawolff updated the task description. (Show Details)
Bawolff added a project: Security-Team.
Bawolff added subscribers: Aklapper, Bawolff, StudiesWorld.

Do we class this as a design issue?

Reedy renamed this task from Tell users to use a unique password when creating an account. to Tell users to use a unique password when creating an account.Oct 21 2019, 7:02 PM
Apap04 subscribed.

I'll give this a try..

Change 555012 had a related patch set uploaded (by Apap04; owner: Apap04):
[mediawiki/core@master] wip

Change 555012 abandoned by Apap04:

Bad branch, need to make new one.

Change 555601 had a related patch set uploaded (by Apap04; owner: Apap04):
[mediawiki/core@master] signup: added help message for security

Does this look fine? Tell me if the wording should be different.

Reedy renamed this task from Tell users to use a unique password when creating an account to Tell users to use a unique password when creating an account and changing their password.Dec 8 2019, 6:07 PM

With pwordbr:

Screenshot 2019-12-12 at 00.13.04.png (516×674 px, 56 KB)

Without pwordbr:

Screenshot 2019-12-12 at 00.13.46.png (484×648 px, 55 KB)

help-message from HTMLForm could be modified in a different patch so a bit of spacing is given at the bottom?

So in order to make this really useful, it should be a label element with a for attr in order for screen reader users to be clearly connected to the element.
See for example

This is also the correct styling of additional, secondary labels. Note the white-space connecting it visually to the first and related password input and not to the second.

Change 555601 merged by jenkins-bot:
[mediawiki/core@master] signup: added help message for security

(Seems to be resolved with that patch)

Change 674050 had a related patch set uploaded (by Reedy; owner: Apap04):
[mediawiki/core@REL1_35] signup: added help message for security

Change 674050 merged by jenkins-bot:
[mediawiki/core@REL1_35] signup: added help message for security