Change Details

It was noticed that wiki accounts are being created with username patterns along the lines of "The password to this account is xxx". Some examples as noticed by @Bsadowski1: # [[ https://en.wikipedia.org/wiki/Special:Contributions/The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister | The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister ]] # [[ https://meta.wikimedia.org/wiki/Special:Contributions/The_password_to_this_account_is_nnnnnnn | The_password_to_this_account_is_nnnnnnn ]] # [[ https://en.wikipedia.org/wiki/Special:Contributions/My_password_is_literally_just_password | My_password_is_literally_just_password ]] There are plenty of [[ https://en.wikipedia.org/wiki/User:Jackfreeman69s_password_is_sandwich69 | clever ways to do abusive things like this ]] in ways that become difficult for automated checks to be effective, but we should, at the very least, add a new password check similar to the existing `PasswordCannotMatchUsername` which checks for plain text passwords as substrings of the corresponding username.

It was noticed that wiki accounts are being created with username patterns along the lines of "The password to this account is xxx". Some examples as noticed by @Bsadowski1: # [[ https://en.wikipedia.org/wiki/Special:Contributions/The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister | The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister ]] # [[ https://meta.wikimedia.org/wiki/Special:Contributions/The_password_to_this_account_is_nnnnnnn | The_password_to_this_account_is_nnnnnnn ]] # [[ https://en.wikipedia.org/wiki/Special:Contributions/My_password_is_literally_just_password | My_password_is_literally_just_password ]] There are plenty of [[ https://en.wikipedia.org/wiki/User:Jackfreeman69s_password_is_sandwich69 | clever ways to do abusive things like this ]] where it becomes difficult for automated checks to be effective. But we should, at the very least, add a new password check similar to the existing `PasswordCannotMatchUsername` which checks for plain text passwords as substrings of the corresponding username.

It was noticed that wiki accounts are being created with username patterns along the lines of "The password to this account is xxx". Some examples as noticed by @Bsadowski1: # [[ https://en.wikipedia.org/wiki/Special:Contributions/The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister | The_password_to_this_account_is_aedanlorfinkhasamajorcrushonpauldohertyssister ]] # [[ https://meta.wikimedia.org/wiki/Special:Contributions/The_password_to_this_account_is_nnnnnnn | The_password_to_this_account_is_nnnnnnn ]] # [[ https://en.wikipedia.org/wiki/Special:Contributions/My_password_is_literally_just_password | My_password_is_literally_just_password ]] There are plenty of [[ https://en.wikipedia.org/wiki/User:Jackfreeman69s_password_is_sandwich69 | clever ways to do abusive things like this ]] in ways thawhere it becomes difficult for automated checks to be effective, b. But we should, at the very least, add a new password check similar to the existing `PasswordCannotMatchUsername` which checks for plain text passwords as substrings of the corresponding username.