It was noticed that wiki accounts are being created with username patterns along the lines of "The password to this account is xxx". Some examples as noticed by @Bsadowski1:
# [[ https://en.wikipedia.org/wiki/Special:Contributions/The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister | The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister ]]
# [[ https://meta.wikimedia.org/wiki/Special:Contributions/The_password_to_this_account_is_nnnnnnn | The_password_to_this_account_is_nnnnnnn ]]
# [[ https://en.wikipedia.org/wiki/Special:Contributions/My_password_is_literally_just_password | My_password_is_literally_just_password ]]
There are plenty of [[ https://en.wikipedia.org/wiki/User:Jackfreeman69s_password_is_sandwich69 | clever ways to do abusive things like this ]] in ways that become difficult for automated checks to be effective, but we should, at the very least, add a new password check similar to the existing `PasswordCannotMatchUsername` which checks for plain text passwords as substrings of the corresponding username.