So the message says: "There has been *a failed attempt* to log in to your account from a new device. Please make sure your account has a strong password.
Now I've seen a lot of people during this last bruteforce run interpret this message as:
- My password was guessed
- OR my password has been judged too weak
- THUS I MUST change it.
People interpret it is an imperative mood: instructive instead of advisory. People who said "I already had a randomly generated password but I created a new even longer randomly generated password"
This seems especially caused by the action connected to it: "Change password" that seems to be the key. Better would be if it could be something like "Test password strength" (if we actually had that option) etc etc.
Ideas for improving the wording welcomed.