From: Tim Düsterhus <duesterhus@woltlab.com>
Date: Thu, 16 Jul 2020 12:33:54 +0000 (+0200)
Subject: Remove register_password_* options in favor of password_min_score
X-Git-Tag: 5.3.0_Alpha_1~76^2~10
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3e8428422cf3fec5ef463e597450e252e7588e47;p=GitHub%2FWoltLab%2FWCF.git

Remove register_password_* options in favor of password_min_score

see #3378
---

diff --git a/com.woltlab.wcf/option.xml b/com.woltlab.wcf/option.xml
index 967d643ddd..a4db2a4d55 100644
--- a/com.woltlab.wcf/option.xml
+++ b/com.woltlab.wcf/option.xml
@@ -1166,36 +1166,12 @@ XING</selectoptions>
 				<optiontype>textarea</optiontype>
 			</option>
 			<!-- /message.censorship -->
-			<option name="register_enable_password_security_check">
+			<option name="password_min_score">
 				<categoryname>user.password</categoryname>
-				<optiontype>boolean</optiontype>
-				<enableoptions>register_password_min_length,register_password_must_contain_lower_case,register_password_must_contain_upper_case,register_password_must_contain_digit,register_password_must_contain_special_char</enableoptions>
-			</option>
-			<option name="register_password_min_length">
-				<categoryname>user.password</categoryname>
-				<optiontype>integer</optiontype>
-				<defaultvalue>8</defaultvalue>
-				<minvalue>0</minvalue>
-				<suffix>chars</suffix>
-			</option>
-			<option name="register_password_must_contain_lower_case">
-				<categoryname>user.password</categoryname>
-				<optiontype>boolean</optiontype>
-				<defaultvalue>1</defaultvalue>
-			</option>
-			<option name="register_password_must_contain_upper_case">
-				<categoryname>user.password</categoryname>
-				<optiontype>boolean</optiontype>
-				<defaultvalue>1</defaultvalue>
-			</option>
-			<option name="register_password_must_contain_digit">
-				<categoryname>user.password</categoryname>
-				<optiontype>boolean</optiontype>
-				<defaultvalue>1</defaultvalue>
-			</option>
-			<option name="register_password_must_contain_special_char">
-				<categoryname>user.password</categoryname>
-				<optiontype>boolean</optiontype>
+				<optiontype>select</optiontype>
+				<selectoptions>0:wcf.acp.option.password_min_score.0
+1:wcf.acp.option.password_min_score.1
+2:wcf.acp.option.password_min_score.2</selectoptions>
 				<defaultvalue>1</defaultvalue>
 			</option>
 			<!-- /user.password -->
@@ -1764,5 +1740,11 @@ DESC:wcf.global.sortOrder.descending</selectoptions>
 	<delete>
 		<option name="attachment_enable_thumbnails" />
 		<option name="message_sidebar_enable_user_online_marking" />
+		<option name="register_enable_password_security_check" />
+		<option name="register_password_min_length" />
+		<option name="register_password_must_contain_lower_case" />
+		<option name="register_password_must_contain_upper_case" />
+		<option name="register_password_must_contain_digit" />
+		<option name="register_password_must_contain_special_char" />
 	</delete>
 </data>
diff --git a/constants.php b/constants.php
index 7c526ea940..3c4b10db4d 100644
--- a/constants.php
+++ b/constants.php
@@ -142,11 +142,7 @@ define('IMAGE_PROXY_HOST_WHITELIST', '');
 define('ENABLE_CENSORSHIP', 0);
 define('CENSORED_WORDS', '');
 define('REGISTER_ENABLE_PASSWORD_SECURITY_CHECK', 0);
-define('REGISTER_PASSWORD_MIN_LENGTH', 8);
-define('REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_DIGIT', 1);
-define('REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR', 1);
+define('PASSWORD_MIN_SCORE', 1);
 define('REGISTER_FORBIDDEN_USERNAMES', '');
 define('REGISTER_FORBIDDEN_EMAILS', '');
 define('REGISTER_ALLOWED_EMAILS', '');
diff --git a/wcfsetup/install/files/lib/system/WCF.class.php b/wcfsetup/install/files/lib/system/WCF.class.php
index 683455934d..e003732463 100644
--- a/wcfsetup/install/files/lib/system/WCF.class.php
+++ b/wcfsetup/install/files/lib/system/WCF.class.php
@@ -376,6 +376,14 @@ class WCF {
 		// https://github.com/WoltLab/WCF/issues/3330
 		define('MESSAGE_SIDEBAR_ENABLE_USER_ONLINE_MARKING', 1);
 		
+		// Password strength configuration is deprecated since 5.3.
+		define('REGISTER_ENABLE_PASSWORD_SECURITY_CHECK', 0);
+		define('REGISTER_PASSWORD_MIN_LENGTH', 0);
+		define('REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE', 8);
+		define('REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE', 0);
+		define('REGISTER_PASSWORD_MUST_CONTAIN_DIGIT', 0);
+		define('REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR', 0);
+		
 		$filename = WCF_DIR.'options.inc.php';
 		
 		// create options file if doesn't exist
diff --git a/wcfsetup/install/files/lib/util/UserRegistrationUtil.class.php b/wcfsetup/install/files/lib/util/UserRegistrationUtil.class.php
index 4b11b064f2..9cdab3c8d6 100644
--- a/wcfsetup/install/files/lib/util/UserRegistrationUtil.class.php
+++ b/wcfsetup/install/files/lib/util/UserRegistrationUtil.class.php
@@ -69,21 +69,11 @@ final class UserRegistrationUtil {
 	}
 	
 	/**
-	 * Returns true if the given password is secure.
+	 * Always returns true.
 	 * 
-	 * @param	string		$password
-	 * @return	boolean
+	 * @deprecated	5.3 - Take a look at the zxcvbn verdict from WoltLabSuite/Core/Ui/User/PasswordStrength.
 	 */
 	public static function isSecurePassword($password) {
-		if (REGISTER_ENABLE_PASSWORD_SECURITY_CHECK) {
-			if (mb_strlen($password) < REGISTER_PASSWORD_MIN_LENGTH) return false;
-			
-			if (REGISTER_PASSWORD_MUST_CONTAIN_DIGIT && !preg_match('![0-9]+!', $password)) return false;
-			if (REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE && !preg_match('![a-z]+!', $password)) return false;
-			if (REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE && !preg_match('![A-Z]+!', $password)) return false;
-			if (REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR && !preg_match('![^A-Za-z0-9]+!', $password)) return false;
-		}
-		
 		return true;
 	}
 	
@@ -94,34 +84,7 @@ final class UserRegistrationUtil {
 	 * @return	string
 	 */
 	public static function getPasswordRulesAttributeValue() {
-		if (REGISTER_ENABLE_PASSWORD_SECURITY_CHECK) {
-			$rules = '';
-			
-			if (REGISTER_PASSWORD_MIN_LENGTH) {
-				$rules .= 'minlength:'.REGISTER_PASSWORD_MIN_LENGTH.';';
-			}
-			
-			if (REGISTER_PASSWORD_MUST_CONTAIN_DIGIT) {
-				$rules .= 'required:digit;';
-			}
-			
-			if (REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE) {
-				$rules .= 'required:lower;';
-			}
-			
-			if (REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE) {
-				$rules .= 'required:upper;';
-			}
-			
-			if (REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR) {
-				$rules .= 'required:special;';
-			}
-		}
-		else {
-			$rules = "minlength:8;";
-		}
-		
-		return $rules;
+		return "minlength:8;";
 	}
 	
 	/**
diff --git a/wcfsetup/install/lang/de.xml b/wcfsetup/install/lang/de.xml
index c29fe1b70e..b2872c2b9a 100644
--- a/wcfsetup/install/lang/de.xml
+++ b/wcfsetup/install/lang/de.xml
@@ -1468,13 +1468,11 @@ ACHTUNG: Die oben genannten Meldungen sind stark gekürzt. Sie können Details z
 		<item name="wcf.acp.option.module_user_rank"><![CDATA[Benutzerränge]]></item>
 		<item name="wcf.acp.option.module_user_signature"><![CDATA[Signaturen]]></item>
 		<item name="wcf.acp.option.module_team_page"><![CDATA[Team-Seite]]></item>
-		<item name="wcf.acp.option.register_enable_password_security_check"><![CDATA[Sicherheitsüberprüfung aktivieren]]></item>
-		<item name="wcf.acp.option.register_enable_password_security_check.description"><![CDATA[Kennwörter werden auf ihre Sicherheit geprüft. Unsichere Kennwörter werden abgelehnt.]]></item>
-		<item name="wcf.acp.option.register_password_min_length"><![CDATA[Minimale Kennwortlänge]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_digit"><![CDATA[Kennwort muss Zahlen enthalten]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_lower_case"><![CDATA[Kennwort muss Kleinbuchstaben enthalten]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_special_char"><![CDATA[Kennwort muss Sonderzeichen enthalten]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_upper_case"><![CDATA[Kennwort muss Großbuchstaben enthalten]]></item>
+		<item name="wcf.acp.option.password_min_score"><![CDATA[Sicherheitslevel]]></item>
+		<item name="wcf.acp.option.password_min_score.description"><![CDATA[„Score“-Wert der <a href="https://github.com/dropbox/zxcvbn" class="externalURL">zxcvbn-Bibliothek</a>, den Kennwörter mindestens erreichen müssen.]]></item>
+		<item name="wcf.acp.option.password_min_score.0"><![CDATA[0: Deaktiviert]]></item>
+		<item name="wcf.acp.option.password_min_score.1"><![CDATA[1: Sehr leicht zu erraten (Eine Million Versuche)]]></item>
+		<item name="wcf.acp.option.password_min_score.2"><![CDATA[2: Leicht zu erraten (100 Millionen Versuche)]]></item>
 		<item name="wcf.acp.option.register_forbidden_usernames"><![CDATA[Reservierte Namen]]></item>
 		<item name="wcf.acp.option.register_forbidden_usernames.description"><![CDATA[Namen, die nicht als Benutzername verwendet werden dürfen. Ein Name pro Zeile]]></item>
 		<item name="wcf.acp.option.register_forbidden_emails"><![CDATA[Reservierte E-Mail-Adressen]]></item>
@@ -4538,13 +4536,7 @@ Dateianhänge:
 		<item name="wcf.user.styles"><![CDATA[Stile]]></item>
 		<item name="wcf.user.style.description"><![CDATA[Stil der Benutzeroberfläche]]></item>
 		<item name="wcf.user.username.description"><![CDATA[Der Benutzername muss mindestens {REGISTER_USERNAME_MIN_LENGTH} und darf maximal {REGISTER_USERNAME_MAX_LENGTH} Zeichen lang sein.]]></item>
-		<item name="wcf.user.password.description"><![CDATA[{if REGISTER_ENABLE_PASSWORD_SECURITY_CHECK}Das Kennwort muss aus Sicherheitsgründen mindestens {REGISTER_PASSWORD_MIN_LENGTH} Zeichen lang sein{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
-		*} und {*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}kleine Buchstaben{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}große Buchstaben{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}Zahlen{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} und {/if}Sonderzeichen{/if} {*
-		*}enthalten{/if}.{else}Ein sicheres Kennwort sollte mindestens 8 Zeichen lang sein.{/if}]]></item>
+		<item name="wcf.user.password.description"><![CDATA[Ein sicheres Kennwort sollte mindestens 10 Zeichen lang sein.]]></item>
 		<item name="wcf.user.lostPassword"><![CDATA[Kennwort vergessen]]></item>
 		<item name="wcf.user.lostPassword.description"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Wenn du dein Kennwort vergessen hast, musst du entweder den Benutzernamen oder die E-Mail-Adresse angeben, die du in deinem Profil hinterlegt hast. Du kannst dabei nur eines der beiden Felder ausfüllen. Wenn du beide Daten nicht mehr weißt, wende dich bitte an den Administrator.{else}Wenn Sie Ihr Kennwort vergessen haben, müssen Sie entweder den Benutzernamen oder die E-Mail-Adresse angeben, die Sie in Ihrem Profil hinterlegt haben. Sie können dabei nur eines der beiden Felder ausfüllen. Wenn Sie beide Daten nicht mehr wissen, wenden Sie sich bitte an den Administrator.{/if}]]></item>
 		<item name="wcf.user.lostPassword.email.error.notFound"><![CDATA[Es wurde kein Benutzer mit der E-Mail-Adresse: „{$email}“ gefunden.]]></item>
@@ -4594,13 +4586,7 @@ dann wird diese Anfrage am {$mailbox->getUser()->lastLostPasswordRequestTime+864
 		<item name="wcf.user.quit.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Dein{else}Ihr{/if} Benutzerkonto wird am {TIME_NOW+7*86400|date} gelöscht. Bis dahin {if LANGUAGE_USE_INFORMAL_VARIANT}kannst du{else}können Sie{/if} die Löschung auf dieser Seite abbrechen.]]></item>
 		<item name="wcf.user.quit.cancel.success"><![CDATA[Die Löschung {if LANGUAGE_USE_INFORMAL_VARIANT}deines{else}Ihres{/if} Benutzerkontos wurde erfolgreich abgebrochen.]]></item>
 		<item name="wcf.user.emailActivation"><![CDATA[Neue E-Mail-Adresse aktivieren]]></item>
-		<item name="wcf.user.password.error.notSecure"><![CDATA[Das Kennwort muss aus Sicherheitsgründen mindestens {REGISTER_PASSWORD_MIN_LENGTH} Zeichen lang sein{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
-		*} und {*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}kleine Buchstaben{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}große Buchstaben{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} und{/if} {/if}Zahlen{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} und {/if}Sonderzeichen{/if} {*
-		*}enthalten{/if}.]]></item>
+		<item name="wcf.user.password.error.notSecure"><![CDATA[Bitte {if LANGUAGE_USE_INFORMAL_VARIANT}wähle{else}wählen Sie{/if} ein sichereres Kennwort aus.]]></item>
 		<item name="wcf.user.changeUsername.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Dein{else}Ihr{/if} Benutzername wurde erfolgreich geändert.]]></item>
 		<item name="wcf.user.changeEmail.success"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Deine{else}Ihre{/if} E-Mail-Adresse wurde erfolgreich geändert.]]></item>
 		<item name="wcf.user.changeEmail.needReactivation"><![CDATA[{if LANGUAGE_USE_INFORMAL_VARIANT}Deine{else}Ihre{/if} neue E-Mail-Adresse{if $newEmail|isset} („{$newEmail}“){/if} muss noch aktiviert werden. Dazu wurde eine E-Mail mit einem Aktivierungslink an die neue Adresse gesandt. {if LANGUAGE_USE_INFORMAL_VARIANT}Du musst{else}Sie müssen{/if} diesen Aktivierungslink aufrufen, um die neue E-Mail-Adresse zu aktivieren.]]></item>
diff --git a/wcfsetup/install/lang/en.xml b/wcfsetup/install/lang/en.xml
index 6c7d81b8d8..74915c226c 100644
--- a/wcfsetup/install/lang/en.xml
+++ b/wcfsetup/install/lang/en.xml
@@ -1447,13 +1447,11 @@ ATTENTION: The messages listed above are greatly shortened. You can view details
 		<item name="wcf.acp.option.module_user_rank"><![CDATA[User ranks]]></item>
 		<item name="wcf.acp.option.module_user_signature"><![CDATA[Signatures]]></item>
 		<item name="wcf.acp.option.module_team_page"><![CDATA[Staff list]]></item>
-		<item name="wcf.acp.option.register_enable_password_security_check"><![CDATA[Enable password validation]]></item>
-		<item name="wcf.acp.option.register_enable_password_security_check.description"><![CDATA[Password complexity will be validated, unsafe passwords will be rejected.]]></item>
-		<item name="wcf.acp.option.register_password_min_length"><![CDATA[Minimum Password Length]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_digit"><![CDATA[Password must contain digits]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_lower_case"><![CDATA[Password must contain lowercase characters]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_special_char"><![CDATA[Password must contain special characters]]></item>
-		<item name="wcf.acp.option.register_password_must_contain_upper_case"><![CDATA[Password must contain uppercase characters]]></item>
+		<item name="wcf.acp.option.password_min_score"><![CDATA[Security Level]]></item>
+		<item name="wcf.acp.option.password_min_score.description"><![CDATA[“Score” value of the <a href="https://github.com/dropbox/zxcvbn" class="externalURL">zxcvbn library</a> that passwords need to achive.]]></item>
+		<item name="wcf.acp.option.password_min_score.0"><![CDATA[0: Disabled]]></item>
+		<item name="wcf.acp.option.password_min_score.1"><![CDATA[1: Very guessable (1 million attempts)]]></item>
+		<item name="wcf.acp.option.password_min_score.2"><![CDATA[2: Somewhat guessable (100 million attempts)]]></item>
 		<item name="wcf.acp.option.register_forbidden_usernames"><![CDATA[Reserved Usernames]]></item>
 		<item name="wcf.acp.option.register_forbidden_usernames.description"><![CDATA[You can specify which usernames are unavailable for registration. Enter one username per line.]]></item>
 		<item name="wcf.acp.option.register_forbidden_emails"><![CDATA[Reserved Email Addresses]]></item>
@@ -4539,12 +4537,7 @@ Attachments:
 		<item name="wcf.user.styles"><![CDATA[Styles]]></item>
 		<item name="wcf.user.style.description"><![CDATA[Forces a specific style instead of the default one.]]></item>
 		<item name="wcf.user.username.description"><![CDATA[Username must be {REGISTER_USERNAME_MIN_LENGTH} up to {REGISTER_USERNAME_MAX_LENGTH} characters long.]]></item>
-		<item name="wcf.user.password.description"><![CDATA[{if REGISTER_ENABLE_PASSWORD_SECURITY_CHECK}Due to security reasons every password must be at least {REGISTER_PASSWORD_MIN_LENGTH} characters long{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
-		*} and contain {*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}lower-case letters{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}upper-case letters{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}digits{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} and {/if}special chars{/if}{/if}.{else}A secure password should be at least 8 characters long.{/if}]]></item>
+		<item name="wcf.user.password.description"><![CDATA[A secure password should be at least 10 characters long.]]></item>
 		<item name="wcf.user.lostPassword"><![CDATA[Lost Password]]></item>
 		<item name="wcf.user.lostPassword.description"><![CDATA[You must provide your username or email address to request a new password. Contact the site’s administrator if you need assistance.]]></item>
 		<item name="wcf.user.lostPassword.email.error.notFound"><![CDATA[“{$email}” is not used by any account.]]></item>
@@ -4591,12 +4584,7 @@ the website <a href="{link isHtmlEmail=true}{/link}">{@PAGE_TITLE|language}</a>.
 		<item name="wcf.user.quit.success"><![CDATA[Your user account will be deleted on {TIME_NOW+7*86400|date}. During this time period you can abort the deletion on this page.]]></item>
 		<item name="wcf.user.quit.cancel.success"><![CDATA[The account deletion has been aborted.]]></item>
 		<item name="wcf.user.emailActivation"><![CDATA[Verify New Email Address]]></item>
-		<item name="wcf.user.password.error.notSecure"><![CDATA[Due to security reasons, every password must be at least {REGISTER_PASSWORD_MIN_LENGTH} characters long{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{*
-		*} and contain {*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}lower-case letters{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT || REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}upper-case letters{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_DIGIT}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR},{else} and{/if} {/if}digits{/if}{*
-		*}{if REGISTER_PASSWORD_MUST_CONTAIN_SPECIAL_CHAR}{if REGISTER_PASSWORD_MUST_CONTAIN_LOWER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_UPPER_CASE || REGISTER_PASSWORD_MUST_CONTAIN_DIGIT} and {/if}special chars{/if}{/if}.]]></item>
+		<item name="wcf.user.password.error.notSecure"><![CDATA[Please select a more secure password.]]></item>
 		<item name="wcf.user.changeUsername.success"><![CDATA[The username has been changed.]]></item>
 		<item name="wcf.user.changeEmail.success"><![CDATA[The email address has been changed.]]></item>
 		<item name="wcf.user.changeEmail.needReactivation"><![CDATA[Your new email address{if $newEmail|isset} (“{$newEmail}”){/if} must be verified first. You should have received an email which was sent to your new email address containing an activation link. Open the link to verify your new email address.]]></item>