=== Configuration changes for system administrators in 1.34 ===
+In an effort to enforce best practices for passwords, MediaWiki will now warn
+users, and suggest that they change their password, if it is in the list of
+100,000 commonly used passwords that are considered bad passwords. If you want
+to disable this for your users, please add the following to your local settings:
+
+$wgPasswordPolicy['policies']['default']['PasswordNotInLargeBlacklist'] = false;
+
==== New configuration ====
* $wgAllowExternalReqID (T201409) - This configuration setting controls whether
Mediawiki accepts the request ID set by the incoming request via the
* Deprecated since 1.33. Use PasswordNotInLargeBlacklist instead.
* - PasswordNotInLargeBlacklist - Password not in best practices list of
* 100,000 commonly used passwords. Due to the size of the list this
- * is a probabilistic test.
+ * is a probabilistic test.
*
* If you add custom checks, for Special:PasswordPolicies to display them correctly,
* every check should have a corresponding passwordpolicies-policy-<check> message,
'bureaucrat' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'sysop' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'interface-admin' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'bot' => [
'MinimalPasswordLength' => 10,
'MinimumPasswordLengthToLogin' => 1,
- 'PasswordNotInLargeBlacklist' => true,
],
'default' => [
'MinimalPasswordLength' => [ 'value' => 1, 'suggestChangeOnLogin' => true ],
'PasswordCannotMatchUsername' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
'PasswordCannotMatchBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
'MaximalPasswordLength' => [ 'value' => 4096, 'suggestChangeOnLogin' => true ],
+ 'PasswordNotInLargeBlacklist' => [ 'value' => true, 'suggestChangeOnLogin' => true ],
],
],
'checks' => [