If you set the 'PasswordCannotBePopular' in the $wgPasswordPolicy for a group, MediaWiki will check a proposed new password against a blacklist of frequently-used passwords before allowing a new password to be set. This all works very well.
The problem is that if you choose a password in the blacklist, the message which appears (if you're set to use English-language messages) reads as follows:
Commonly chosen passwords cannot be used. Please choose a more unique password.
This is not correct usage. There are no degrees of uniqueness; one thing cannot be more unique than another. Something is either unique (meaning it is the only one of its kind), or it is not (if there are two or more examples). "Unique" means something fundamentally different than "unusual" or "uncommon" or "special".
Steps to reproduce:
- Be running an unmodified default installation of MediaWiki 1.29.1
- Enable the 'PasswordCannotBePopular' check in the configuration, for example by adding $wgPasswordPolicy['policies']['default']['PasswordCannotBePopular'] = PHP_INT_MAX; to the LocalSettings.php.
- Log in to the Wiki (as a user in the "default" group if using the above config).
- Go to the Special:ChangeCredentials page and select Password-based authentication.
- On the Change Crendentials page, enter a common word (e.g., "dragon") as the new and old password, then press Change crendentials.
You see an error message that makes no sense, because whomever wrote it does not know what "unique" means.
English-language message text that's actually proper English.
I would suggest an alternative wording to avoid the problem. Perhaps:
Commonly chosen passwords cannot be used. Please choose a password that is harder to guess.
The message in question is stored under the key 'passwordtoopopular' in languages/i18n/en.json. In MediaWiki 1.29.1, it is on line 490 of that file.