Hi folks,

This will possible break a lot of bots. Manual how to switch at https://www.mediawiki.org/wiki/Manual:Pywikibot/BotPasswords

One liner I use on Toolforge to test if it still works:
toolforge jobs run --image python3.11 --filelog-stdout logs/login.log --filelog-stderr logs/login.log --command "~/pyvenv/bin/python3 ~/pywikibot/pwb.py login.py -lang:commons -family:commons" login

Not really easy to see in Pywikibot if you use deprecated way of logging in so created https://phabricator.wikimedia.org/T396299 for that.

Maarten


-------- Forwarded Message --------
Subject: [Wikitech-l] Please update your bot is if is using (non-bot-)password-based login
Date: Wed, 4 Jun 2025 23:26:12 +0200
From: Gergo Tisza <gtisza@wikimedia.org>
Reply-To: Wikitech-l <wikitech-l@lists.wikimedia.org>
To: Wikimedia developers <wikitech-l@lists.wikimedia.org>


Hi!

Since the introduction of AuthManager in 2016, there are two officially supported authentication methods for bots:
action=login with a normal password has been deprecated for a decade, and action=clientlogin API was never supported for non-interactive login. Still, in the past, these methods worked most of the time - often enough that many bots kept using them.

This is going to change very soon as we are introducing more interactive challenges during login to improve account security. If your bot still uses one of the non-supported methods, please change it now. Usually this only requires generating a bot password via Special:BotPasswords and giving the bot that instead of your normal password.

For the change that prompted this email, see T395205. There will probably be more such changes in the future, and they won't be announced separately.

Thanks for your understanding, and for your help in evolving the Wikimedia developer ecosystem.