Change Details

NOTE: This work status is pending, depending upon the outcome of conversations with Security. As a product manager, I want to remove any notifications associated with incorrect or incomplete information on Special:PasswordReset, so that we can provide a more secure and private experience for users. Background: We have decided to update some of the behavior associated with password resets to enhance security. We have outlined our proposal in T237755. This is one of the outcomes of the proposal. **Acceptance Criteria:** * If any user submits any information on Special:PasswordReset (i.e., data for username or email address), they should be redirected to the message screen * This applies regardless of whether PRU is enabled, and regardless of whether the information entered is valid or invalid in the system * Exception #1: If the user submits a username without characters accepted by Wikimedia, then they should be prevented from completing the form * Exception #2: If the user submits an email address without the @ symbol or other basic requirements of email, then they should be prevented from completing the form

NOTE: This work status is pending, depending upon the outcome of conversations with Security, as detailed in T237755. As a product manager, I want to remove any notifications associated with incorrect or incomplete information on Special:PasswordReset, so that we can provide a more secure and private experience for users. **Acceptance Criteria:** * If any user submits any information on Special:PasswordReset (i.e., data for username or email address), they should be redirected to the message screen * This applies regardless of whether PRU is enabled, and regardless of whether the information entered is valid or invalid in the system * Exception #1: If the user submits a username without characters accepted by Wikimedia, then they should be prevented from completing the form * Exception #2: If the user submits an email address without the @ symbol or other basic requirements of email, then they should be prevented from completing the form Visual Example: {F31327695}

NOTE: This work status is pending, depending upon the outcome of conversations with Security, as detailed in T237755. As a product manager, I want to remove any notifications associated with incorrect or incomplete information on Special:PasswordReset, so that we can provide a more secure and private experience for users. Background: We have decided to update some of the behavior associated with password resets to enhance security. We have outlined our proposal in T237755. This is one of the outcomes of the proposal. **Acceptance Criteria:** * If any user submits any information on Special:PasswordReset (i.e., data for username or email address), they should be redirected to the message screen * This applies regardless of whether PRU is enabled, and regardless of whether the information entered is valid or invalid in the system * Exception #1: If the user submits a username without characters accepted by Wikimedia, then they should be prevented from completing the form * Exception #2: If the user submits an email address without the @ symbol or other basic requirements of email, then they should be prevented from completing the form Visual Example: {F31327695}