fix(localizations): Update compromised password message for clarity (#7406)

octoper · web-flow · commit f390da1db247 · 2025-12-09T14:10:01.000+02:00
diff --git a/.changeset/thin-ends-punch.md b/.changeset/thin-ends-punch.md
@@ -0,0 +1,2 @@
+---
+---
diff --git a/integration/tests/session-tasks-sign-in-reset-password.test.ts b/integration/tests/session-tasks-sign-in-reset-password.test.ts
@@ -30,7 +30,7 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
 
       await expect(
         u.page.getByText(
-          "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+          'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
         ),
       ).toBeVisible();
       await u.po.signIn.getAltMethodsEmailCodeButton().click();
@@ -83,7 +83,7 @@ testAgainstRunningApps({ withEnv: [appConfigs.envs.withSessionTasksResetPassword
 
       await expect(
         u.page.getByText(
-          "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+          'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
         ),
       ).toBeVisible();
       await u.po.signIn.getAltMethodsEmailCodeButton().click();
diff --git a/packages/localizations/src/en-US.ts b/packages/localizations/src/en-US.ts
@@ -907,10 +907,9 @@ export const enUS: LocalizationResource = {
     form_password_pwned__sign_in:
       'This password has been found as part of a breach and can not be used, please reset your password.',
     form_password_size_in_bytes_exceeded: undefined,
-    form_password_compromised__sign_in:
-      "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+    form_password_compromised__sign_in: undefined,
     form_password_untrusted__sign_in:
-      "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+      'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
     form_password_validation_failed: undefined,
     form_username_invalid_character: undefined,
     form_username_invalid_length: 'Your username must be between {{min_length}} and {{max_length}} characters long.',
diff --git a/packages/ui/src/components/SignIn/__tests__/SignInFactorOne.test.tsx b/packages/ui/src/components/SignIn/__tests__/SignInFactorOne.test.tsx
@@ -369,9 +369,9 @@ describe('SignInFactorOne', () => {
         const errJSON = {
           code: 'form_password_compromised',
           long_message:
-            "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+            'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
           message:
-            "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+            'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
           meta: { param_name: 'password' },
         };
 
@@ -387,7 +387,7 @@ describe('SignInFactorOne', () => {
 
         await screen.findByText('Password compromised');
         await screen.findByText(
-          "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+          'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
         );
 
         await screen.findByText('Email code to hello@clerk.com');
@@ -410,9 +410,9 @@ describe('SignInFactorOne', () => {
         const errJSON = {
           code: 'form_password_compromised',
           long_message:
-            "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+            'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
           message:
-            "Your password appears to have been compromised or it's no longer trusted and cannot be used. Please use another method to continue.",
+            'Your password may be compromised. To protect your account, please continue with an alternative sign-in method. You will be required to reset your password after signing in.',
           meta: { param_name: 'password' },
         };
 
