Last modified: 2014-02-12 23:35:49 UTC
I think that in MediaWiki should be setting to disable field "Retype password" in "Create account", e.g. https://ru.wikipedia.org/wiki/Special:UserLogin/signup?uselang=en. This can be a feature in that cases, when https://www.mediawiki.org/wiki/Manual:$wgEmailConfirmToEdit is enabled or wiki has a "Show password" feature, e.g. https://github.com/NV/show-password-on-focus.js (also see http://uxdesign.smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form/).
anyway, showing password is very insecure.
(In reply to comment #0) > This can be a feature in that cases, when $wgEmailConfirmToEdit is enabled I don't really see the connection, or would the password always be included in that email and that's why you wouldn't have to enter it twice? > or wiki has a "Show password" feature When would that be a case? Is there such a setting in MediaWiki?
(In reply to comment #1) > anyway, showing password is very insecure. Mmm. With JavaScript and only on focus or with special checkbox? No. > When would that be a case? Is there such a setting in MediaWiki? This setting can be added and without manipulations with code of MediaWiki.
Still I don't see a reason yet why to disable that field. Which problem would you like to solve exactly?
(In reply to comment #2) > (In reply to comment #0) > > This can be a feature in that cases, when $wgEmailConfirmToEdit is enabled > > I don't really see the connection, or would the password always be included > in that email and that's why you wouldn't have to enter it twice? Presumably, the idea is that if you must enter an email to signup (wgEmailConfirmToEdit), you can reset your password. Thus, mistyping your password when signing up isn't a big problem (but needing to reset is still annoying). FWIW, I have caught password errors through this feature (retyping) on other sites, so I find it useful.