End user confusion with error message

[j15e]

Hello,

We get some report by our end users that they don't get that they CANNOT re-use that password 🙃

So I would suggest we change the error message wording from:

has previously appeared in a data breach and should not be used

To something more authoritative like:

has previously appeared in a data breach and cannot be used again

Or:

has previously appeared in a data breach, please choose another password

Or even more clear:

Your password appeared in a data breach and is not safe. Please choose another password.

Or perhaps the user does not really need to know anything about data breaches?

 The password you entered is not safe. Please choose another password.

What do you think?

[philnash]

Ah, that's interesting. Definitely hate to cause user confusion.

You can update the error message in your own app by overriding the message in the locale yaml file in your own app. The keys are, in english for example:

en:
  errors:
    messages:
      not_pwned:

I'll update the message.