It was noticed that wiki accounts are being created with username patterns along the lines of "The password to this account is xxx". Some examples as noticed by @Bsadowski1:
There are plenty of clever ways to do abusive things like this where it becomes difficult for programmatic checks to be effective. But we should, at the very least, add a new password check similar to the existing PasswordCannotMatchUsername which checks for plain text passwords as substrings of the corresponding username.
Note: not entirely sure if this task should be private.