Page MenuHomePhabricator

"passwordtoopopular" message string uses the incorrect term "more unique"
Closed, ResolvedPublic

Description

If you set the 'PasswordCannotBePopular' in the $wgPasswordPolicy for a group, MediaWiki will check a proposed new password against a blacklist of frequently-used passwords before allowing a new password to be set. This all works very well.

The problem is that if you choose a password in the blacklist, the message which appears (if you're set to use English-language messages) reads as follows:

Commonly chosen passwords cannot be used. Please choose a more unique password.

This is not correct usage. There are no degrees of uniqueness; one thing cannot be more unique than another. Something is either unique (meaning it is the only one of its kind), or it is not (if there are two or more examples). "Unique" means something fundamentally different than "unusual" or "uncommon" or "special".

Steps to reproduce:

  1. Be running an unmodified default installation of MediaWiki 1.29.1
  2. Enable the 'PasswordCannotBePopular' check in the configuration, for example by adding $wgPasswordPolicy['policies']['default']['PasswordCannotBePopular'] = PHP_INT_MAX; to the LocalSettings.php.
  3. Log in to the Wiki (as a user in the "default" group if using the above config).
  4. Go to the Special:ChangeCredentials page and select Password-based authentication.
  5. On the Change Crendentials page, enter a common word (e.g., "dragon") as the new and old password, then press Change crendentials.

Actual results:
You see an error message that makes no sense, because whomever wrote it does not know what "unique" means.


Expected results:
English-language message text that's actually proper English.

I would suggest an alternative wording to avoid the problem. Perhaps:

Commonly chosen passwords cannot be used. Please choose a password that is harder to guess.

The message in question is stored under the key 'passwordtoopopular' in languages/i18n/en.json. In MediaWiki 1.29.1, it is on line 490 of that file.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 28 2017, 7:51 PM
SourceQuench updated the task description. (Show Details)Sep 28 2017, 7:52 PM
Aklapper renamed this task from Usage error in English-language "passwordtoopopular" message string. to "passwordtoopopular" message string uses the incorrect term "more unique".Sep 29 2017, 9:35 AM
Tgr triaged this task as Low priority.Feb 28 2018, 6:29 AM
Tgr added projects: I18n, good first bug.

Another potential wording: Please choose a password that is more difficult to guess.

This replaces the proposed "harder" with "more difficult."

Change 420402 had a related patch set uploaded (by Framawiki; owner: Framawiki):
[mediawiki/core@master] Rewrite passwordtoopopular message

https://gerrit.wikimedia.org/r/420402

Change 420402 merged by jenkins-bot:
[mediawiki/core@master] Rewrite passwordtoopopular message

https://gerrit.wikimedia.org/r/420402

Framawiki closed this task as Resolved.Mar 19 2018, 8:52 PM