
Reword joke password reset email message
Closed, Public

Authored by pppery on May 25 2024, 01:14.
Tags
None
Referenced Files
F2243702: D25671.1719458555.diff
Wed, Jun 26, 03:22

Details

Summary

Closes T15840

Test Plan

Send an "I forgot my password" email with serious business mode off and see the updated email.

Diff Detail

Repository
rP Phorge
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

pppery requested review of this revision. May 25 2024, 01:14

And yes, I did read https://we.phorge.it/book/phorge/article/tone/ before filing this patch. You are welcome to berate me (and by extension Verdy_p on translatewiki.net, although they've been blocked there so the chance of them seeing anything you say is low) anyway.

Well, I understand why this patch completely removes that joke.

If the root problem is that somebody may think it's not a joke, maybe we can just clarify.

Kind of:

-After you set a new password, consider writing it down on a sticky note and attaching it to your monitor so you don't
+Oh, have you that (bad) friend that writes ....? ... Well. That company was closed. So, keep your secrets, as secrets.
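Review bot: The added line still carries elided placeholders ("...." and "...") where the setup of the joke should be, so it cannot be used as a message string as written; spell the sentence out in full before proposing it. The closing clause "keep your secrets, as secrets" is the only actual advice in the replacement, so it should survive whatever wording is chosen. The removed line is also cut off at "so you don't", which makes the two versions hard to compare.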

Or something like that. Be creative.

Agree the current non-serious language needs updated. Maybe something like,

“Promise not to forget your next password we’ll let you reset it here: {link}”

src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php
91

Interestingly a case of “Phabricator” we must’ve missed in updating/removal

In D25671#18360, @speck wrote:

Agree the current non-serious language needs updated.

Though, I’d guess Phab/Phorge will actually reject these short passwords.

In D25671#18362, @speck wrote:
In D25671#18360, @speck wrote:

Agree the current non-serious language needs updated.

Though, I’d guess Phab/Phorge will actually reject these short passwords.

It will. There's a configurable minimum password length, and also a hardcoded password blacklist at https://we.phorge.it/source/phorge/browse/master/externals/wordlist/password.lst

src/applications/people/mail/PhabricatorPeopleEmailLoginMailEngine.php
91

And also trailing whitespace in a message (T15842)

Abiding by the law of triviality, after nine meetings the Working Group that I set up for this task came up with this proposal:

After setting a new password, consider writing it down on a sticky note and attaching it to your monitor so others can impersonate you at any time. Choosing a short, easy-to-remember password "like \"cat\" or \"1234\" might also help to get your machine hacked, your bank account emptied, or your company ruined.\n\nBest Wishes,\nPhorge\n

As usual, Poe's law applies.

Wanna cook up a new revision here, or should I create a separate patch? :)

Update to Andre's suggestion

pppery retitled this revision from Remove joke password reset email message to Reword joke password reset email message. Tue, Jun 4, 17:12
pppery edited the summary of this revision.
pppery edited the test plan for this revision.

Actually do that, since I screwed up before

Fix a double space after testing

I like the change in language here, but maybe a total rewrite of the text is better. My take:

When setting a new password, please keep it safe, using a trustworthy password manager and a randomly generated password.
We thank you, your administrator thanks you, and you'll thank yourself in the future.

In the unlikely event that you absolutely don't intend to keep it safe at all, you might choose instead to:

  • Write it down on a sticky note, put it on your monitor, and hope nobody else uses it on %s.
  • Use the same password you've already used, especially for your e-mail and bank account.
  • Use easy-to-remember, easy-to-guess passwords, like "12345abcde".

Modern security advice considers these practices "a bad idea".
If you're already doing any of these, here or elsewhere, you might want to consider the account compromised.

I understand the points. Third proposal, starting with useful tips (good idea), and shorter:

When setting a new password, it should be new, unique, strong, and random. Keep it safe, only using a trustworthy password manager.
Also, please remember these boring security practices, straight from the 1980s:

  1. Your monitor should not have a yellow sticky note, with your password on it.
  2. Your e-mail, your social networks, your bank, your %s, your nuclear armament, should all have very-different passwords.
  3. If you are out of imagination, use a strong password generator. But please, please, please, avoid smart ideas like "1234asdf".

Wow. With my proposal it is not funny anymore. OK, I will refrain from contributing here. But I personally like the new proposal from Andrè and @pppery. Personally approving.

@valerio.bozzolan: Y U so sirious??? :D

Well, I always feel a bit bad for translators (I already felt bad for my own proposal) the longer the text gets, so I'll simply +1 and we can move on to other very important stuff... shrug

This revision is now accepted and ready to land. Wed, Jun 5, 09:17