Account creation user experience/Usernames

This subpage describes how usernames are dealt with by the English Wikipedia account creation process.

Usernames must comply with the technical limitations set out in...

1. $wgInvalidUsernameCharacters
2. Extension:AntiSpoof
3. Title blacklist and MediaWiki:Titleblacklist (because usernames are also page titles)
4. $wgLegalTitleChars

These entail that...

• It may not already exist, of course, including in SUL.
• It may not be more than 235 bytes long. This is less than $wgMaxNameChars to avoid unreachable subpages such as User_talk:Username/monobook.css (bug 23080).
• enwiki's MediaWiki:Titleblacklist restricts username to be no more than 40 characers (.{40,} so wgMaxNameChars isn't effective?
• It may not be an IP address.
• It may not be one of a list of configured reserved usernames. See $wgReservedUsernames
• It may not have a namespace or interwiki prefix, e.g. User:Wikipedia:Jimmy Wales
• It may not contain '#' or '/'.
• It may not contain '@'.
• It may not contain various control characters, unusual whitespace, or UTF-8 private use characters: U+0080–U+009F, U+00A0, U+2000–U+200F, U+2028–U+202F, U+3000, or U+E000–U+F8FF.
• In addition Extension:AntiSpoof imposes:
  • It may not contain many other Unicode characters, such as U+2044 ( ⁄, "Fraction slash") and U+FF0F ( ／, "Fullwidth solidus").
  • It may not look similar to" existing usernames according to Extension:AntiSpoof's logic, e.g Swalling looks too much like Swailing, ƿoco looks like poco
  • It cannot only contain numbers and punctuation ('antispoof-noletters' => 'Does not contain any letters')

There are additionally policies set by the community which govern what kind of usernames are unacceptable. These choices, such as putting 'bot' or 'sysop' in your username, may result in an indefinite block for the account.

In addition to the requirements listed above, we should test using heuristics derived from community policy. Checking for serious problems before a user registers will reduce the number of those who must be blocked post-signup for usernames which are inappropriate. Eligible candidates for adding to the username checks include...

1. Usernames that give the impression that the account has permissions which it does not have, for example by containing the terms "administrator", "bureaucrat", "steward", "checkuser", "oversight", or similar terms like "admin", "sysop" or "moderator"
2. Usernames which could be easily misunderstood to refer to a "bot" (which is used to identify bot accounts) or a "script" (which alludes to automated editing processes), unless the account is of that type.
3. Usernames including phrases such as "wikipedia", "wikimedia", "wiktionary" if they give the incorrect impression that the account may be officially affiliated with the Wikimedia Foundation or one of its projects. (The words 'wiki' and 'Wikipedian' are not included here.)
4. Usernames which resemble IP addresses (as these are expected to designate non-logged-in users), timestamps or other names which would be confusing within the Wikipedia signature format.
5. Disruptive or offensive usernames, e.g. includes insults or foul language
6. Promotional usernames, e.g. which include the name of a website or company.

The desired behavior for these heuristics is likely not preventing account creation entirely, but rather including a message that suggests someone may not want to create an account with such a name.