Translations:Manual:$wgChangeCredentialsBlacklist/5/en

This is only enforced on the client level; AuthManager itself (e.g. AuthManager::allowsAuthenticationDataChange calls) is not affected.