Last modified: 2013-06-26 04:04:17 UTC
When a user creates a new account, they only have to enter a space (haven't tried other special characters) to differentiate from entering the same password (without a space). Example: username: david wright password: davidwright is a legit entry for creating an account. Is this something you wish to have? I tried to attach pictures which you can see what I entered on the create a new account page and then the welcome page result. Unfortunately I don't see them added to this report. Please email a request to have me email to someone if interested.
Is https://www.mediawiki.org/wiki/Extension:AntiSpoof installed?
(In reply to comment #0) > I tried to attach pictures which you can see what I entered on the create a > new account page and then the welcome page result. Unfortunately I don't > see them added to this report. JA_Harrison: Looks like something went wrong, could you try again? See "Add an attachment" link on https://bugzilla.wikimedia.org/show_bug.cgi?id=46973 . Also, could you answer comment 1 and also tell us which MediaWiki version this refers to? Thanks!
Created attachment 12051 [details] dup user name & password This attachment was meant for another bug report but you can see what happened.
I did use the new UI: http://toro.wmflabs.org/wiki/Special:UserLogin?useAgora=1 for testing.
(In reply to comment #3) > Created attachment 12051 [details] > dup user name & password Please attach images as image files, not embedded into Office files.
Yes, the password checking is quite simplistic. A few username+password combinations are blocked, your password can't be the same as your lowercase username, and it must be longer than $wgMinimalPasswordLength (which defaults to 1 character!). An extension could beef it up, but it would be better to have an interactive password strength meter.