8 changes: 5 additions & 3 deletions files/en-us/_redirects.txt
Original file line number Diff line number Diff line change
Expand Up @@ -7269,15 +7269,15 @@
/en-US/docs/Security/CSP/Using_Content_Security_Policy /en-US/docs/Web/HTTP/Guides/CSP
/en-US/docs/Security/Firefox_Security_Guidelines /en-US/docs/Web/Security/Firefox_Security_Guidelines
/en-US/docs/Security/HTTP_Strict_Transport_Security /en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
/en-US/docs/Security/InsecurePasswords /en-US/docs/Web/Security/Insecure_passwords
/en-US/docs/Security/Insecure_passwords /en-US/docs/Web/Security/Insecure_passwords
/en-US/docs/Security/InsecurePasswords /en-US/docs/Web/Security/Authentication/Passwords
/en-US/docs/Security/Insecure_passwords /en-US/docs/Web/Security/Authentication/Passwords
/en-US/docs/Security/MixedContent /en-US/docs/Web/Security/Mixed_content
/en-US/docs/Security/MixedContent/How_to_fix_website_with_mixed_content /en-US/docs/Web/Security/Mixed_content#developer_console
/en-US/docs/Security/MixedContent/fix_website_with_mixed_content /en-US/docs/Web/Security/Mixed_content#developer_console
/en-US/docs/Security/Mixed_content /en-US/docs/Web/Security/Mixed_content
/en-US/docs/Security/Mixed_content/How_to_fix_website_with_mixed_content /en-US/docs/Web/Security/Mixed_content#developer_console
/en-US/docs/Security/Securing_your_site /en-US/docs/Web/Security/Practical_implementation_guides
/en-US/docs/Security/Weak_Signature_Algorithm /en-US/docs/Web/Security/Weak_Signature_Algorithm
/en-US/docs/Security/Weak_Signature_Algorithm /en-US/docs/Glossary/Hash_function
/en-US/docs/Security_changes_in_Firefox_3.1 /en-US/docs/Mozilla/Firefox/Releases/3.5/Security_changes
/en-US/docs/Security_changes_in_Firefox_3.5 /en-US/docs/Mozilla/Firefox/Releases/3.5/Security_changes
/en-US/docs/Security_in_Firefox_2 /en-US/docs/Mozilla/Firefox/Releases/2/Security_changes
Expand Down Expand Up @@ -16302,6 +16302,7 @@
/en-US/docs/Web/Security/Do_not_track_field_guide/Tutorials/3_Collecting_aggregate_data_based_on_DNT /en-US/docs/Web/HTTP/Reference/Headers/DNT
/en-US/docs/Web/Security/Do_not_track_field_guide/Tutorials/Additional_resources /en-US/docs/Web/HTTP/Reference/Headers/DNT
/en-US/docs/Web/Security/HTTP_strict_transport_security /en-US/docs/Web/HTTP/Reference/Headers/Strict-Transport-Security
/en-US/docs/Web/Security/Insecure_passwords /en-US/docs/Web/Security/Authentication/Passwords
/en-US/docs/Web/Security/Mixed_content/How_to_fix_website_with_mixed_content /en-US/docs/Web/Security/Mixed_content#developer_console
/en-US/docs/Web/Security/Practical_implementation_guides/CSRF_prevention /en-US/docs/Web/Security/Attacks/CSRF
/en-US/docs/Web/Security/Practical_implementation_guides/Clickjacking /en-US/docs/Web/Security/Attacks/Clickjacking
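Review bot: The added `/en-US/docs/Web/Security/Insecure_passwords` line redirects to `/en-US/docs/Web/Security/Authentication/Passwords`, but nothing in this diff adds or touches that target, so please confirm it already exists on the base branch; a redirect to a missing page leaves old inbound links broken. It is also worth confirming that the target covers submitting login forms over HTTPS, since the other pages changed in this PR were linking to the old article for exactly that.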
Expand All @@ -16311,6 +16312,7 @@
/en-US/docs/Web/Security/Securing_your_site/Turning_off_form_autocompletion /en-US/docs/Web/Security/Practical_implementation_guides/Turning_off_form_autocompletion
/en-US/docs/Web/Security/Subdomain_takeovers /en-US/docs/Web/Security/Attacks/Subdomain_takeover
/en-US/docs/Web/Security/Types_of_attacks /en-US/docs/Web/Security/Attacks
/en-US/docs/Web/Security/Weak_Signature_Algorithm /en-US/docs/Glossary/Hash_function
/en-US/docs/Web/Text_fragments /en-US/docs/Web/URI/Reference/Fragment/Text_fragments
/en-US/docs/Web/Tutorials /en-US/docs/MDN/Tutorials
/en-US/docs/Web/URI/Authority /en-US/docs/Web/URI/Reference/Authority
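Review bot: The added `/en-US/docs/Web/Security/Weak_Signature_Algorithm` line redirects to `/en-US/docs/Glossary/Hash_function`, a general glossary entry, while the index entry removed elsewhere in this PR described the old page as covering the hash algorithm used in signing a digital certificate and signature algorithms known to be weak. If the glossary entry does not say which algorithms are considered weak for certificates, consider a target closer to that topic, such as `/en-US/docs/Web/Security/Transport_Layer_Security`, or add a sentence to the glossary entry in the same PR.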
84 changes: 0 additions & 84 deletions files/en-us/_wikihistory.json
Original file line number Diff line number Diff line change
Expand Up @@ -124496,39 +124496,6 @@
"psiinon"
]
},
"Web/Security/Insecure_passwords": {
"modified": "2020-05-05T20:17:58.307Z",
"contributors": [
"jswisher",
"chrisdavidmills",
"PushpitaPikuDey",
"sultn711",
"Ajimi",
"bytesized",
"Sheppy",
"dannywu",
"mnoorenberghe",
"pinobatch",
"Nux",
"Luke314",
"esserj",
"Tonnes",
"hamsamuda14",
"TanviVyas",
"120301080",
"evairtalau",
"lleaff",
"NielsDeBlaauw",
"kscarfone",
"dreamness",
"gsarpong",
"dilsee",
"siyaam",
"k7hk7h",
"onlysomegetit",
"alagenchev"
]
},
"Web/Security/Mixed_content": {
"modified": "2020-11-23T00:24:41.415Z",
"contributors": [
Expand Down Expand Up @@ -124791,57 +124758,6 @@
"adithya_mani"
]
},
"Web/Security/Weak_Signature_Algorithm": {
"modified": "2019-03-23T23:07:20.873Z",
"contributors": [
"mfuji09",
"Sheppy",
"Loadmaster",
"grazies",
"kcjoon",
"andespa87",
"jsx",
"jswisher",
"grozis28",
"zabaki",
"t9anef",
"grifted",
"cyfur",
"chuggs10",
"jaycarrigan1931",
"HUNTEDBOY",
"elho",
"sandhiller58",
"SphinxKnight",
"Rictrick",
"elmaystro56",
"DCS_princess",
"wiml",
"Qazal",
"suncross",
"jozefjuszkiewicz",
"nickgibson215",
"maichoibg",
"kscarfone",
"dwilestari555",
"marumari",
"teoli",
"oRyzh",
"Moelay",
"maybe",
"lilliandyer57",
"keni1",
"nasko83",
"mohideen.azam",
"01271425424",
"evisu",
"seahorse48",
"dwulive",
"wbamberg",
"michaelweghorn",
"mgoodwin"
]
},
"Web/URI": {
"modified": "2020-11-16T01:23:20.622Z",
"contributors": [
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ The `password` value doesn't add any special constraints to the entered text, bu

Keep in mind this is just a user interface feature; unless you submit your form securely, it will get sent in plain text, which is bad for security — a malicious party could intercept your data and steal passwords, credit card details, or whatever else you've submitted. The best way to protect users from this is to host any pages involving forms over a secure connection (i.e., located at an `https://` address), so the data is encrypted before it is sent.

Browsers recognize the security implications of sending form data over an insecure connection, and have warnings to deter users from using insecure forms. For more information on what Firefox implements, see [Insecure passwords](/en-US/docs/Web/Security/Insecure_passwords).
Browsers recognize the security implications of sending form data over an insecure connection, and have warnings to deter users from using insecure forms.

### Hidden content

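Review bot: On the changed "Browsers recognize the security implications..." line the link is dropped outright, while `files/en-us/web/security/index.md` in this same PR swaps the old link for `[password authentication](/en-US/docs/Web/Security/Authentication/Passwords)`. Consider doing the same here so the sentence about browser warnings still points somewhere, or say in the PR description why the new page is not a suitable target for this paragraph. The same applies to the `[!NOTE]` callout about insecure login forms changed later in this diff.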
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,7 @@ All desktop operating systems come with a basic text editor. These editors are a
<ul>
<li><a href="https://notepad-plus-plus.org/">Notepad++</a></li>
<li>
<a href="https://visualstudio.microsoft.com/">Visual Studio Code</a>
<a href="https://code.visualstudio.com/">Visual Studio Code</a>
</li>
<li><a href="https://www.jetbrains.com/webstorm/">Web Storm</a></li>
<li><a href="https://brackets.io/">Brackets</a></li>
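Review bot: The `Visual Studio Code` link change from `https://visualstudio.microsoft.com/` to `https://code.visualstudio.com/` here, repeated in the two following hunks, is unrelated to the page removals and redirects that make up the rest of this diff. The new URL is the right one for the editor, but consider moving the three link fixes to their own PR so that this one stays reviewable as a pure removal.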
Expand Down Expand Up @@ -104,7 +104,7 @@ All desktop operating systems come with a basic text editor. These editors are a
>
</li>
<li>
<a href="https://visualstudio.microsoft.com/">Visual Studio Code</a>
<a href="https://code.visualstudio.com/">Visual Studio Code</a>
</li>
<li><a href="https://brackets.io/">Brackets</a></li>
<li><a href="https://shiftedit.net/">ShiftEdit</a></li>
Expand Down Expand Up @@ -147,7 +147,7 @@ All desktop operating systems come with a basic text editor. These editors are a
<li><a href="https://www.gnu.org/software/emacs/">Emacs</a></li>
<li><a href="https://www.vim.org/" rel="external">VIM</a></li>
<li>
<a href="https://visualstudio.microsoft.com/">Visual Studio Code</a>
<a href="https://code.visualstudio.com/">Visual Studio Code</a>
</li>
<li><a href="https://brackets.io/">Brackets</a></li>
<li><a href="https://shiftedit.net/">ShiftEdit</a></li>
2 changes: 1 addition & 1 deletion files/en-us/mozilla/firefox/releases/51/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -128,7 +128,7 @@ Firefox 51 was released on January 24, 2017. This article lists key changes that

### Security

- When login pages (i.e., those containing an [`<input type="password">`](/en-US/docs/Web/HTML/Reference/Elements/input/password) field) are created so that they would be submitted insecurely, Firefox displays a crossed-out lock icon in the address bar to warn users ([Firefox bug 1319119](https://bugzil.la/1319119)). See [Insecure passwords](/en-US/docs/Web/Security/Insecure_passwords) for more details.
- When login pages (i.e., those containing an [`<input type="password">`](/en-US/docs/Web/HTML/Reference/Elements/input/password) field) are created so that they would be submitted insecurely, Firefox displays a crossed-out lock icon in the address bar to warn users ([Firefox bug 1319119](https://bugzil.la/1319119)).

### Removals

2 changes: 1 addition & 1 deletion files/en-us/mozilla/firefox/releases/52/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,7 @@ Firefox 52 was released on March 7, 2017. This article lists key changes that ar

### Security

- When login pages (i.e., those containing an [`<input type="password">`](/en-US/docs/Web/HTML/Reference/Elements/input/password) field) are created so that they would be submitted insecurely, Firefox displays an in-context warning message below the password field to warn users ([Firefox bug 1319119](https://bugzil.la/1319119)). Autofill is also disabled on insecure login forms ([Firefox bug 1217152](https://bugzil.la/1217152)). See [Insecure passwords](/en-US/docs/Web/Security/Insecure_passwords) for more details.
- When login pages (i.e., those containing an [`<input type="password">`](/en-US/docs/Web/HTML/Reference/Elements/input/password) field) are created so that they would be submitted insecurely, Firefox displays an in-context warning message below the password field to warn users ([Firefox bug 1319119](https://bugzil.la/1319119)). Autofill is also disabled on insecure login forms ([Firefox bug 1217152](https://bugzil.la/1217152)).
- Support for SHA-1 SSL certificates has been removed; navigating to a secure page that uses a SHA-1 certificate will now result in an `Untrusted Connection` error ([Firefox bug 1330043](https://bugzil.la/1330043)).

## Plugins
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,7 @@ Both approaches help a user check that they entered the intended password, which

> [!NOTE]
> Any forms involving sensitive information like passwords (such as login forms) should be served over HTTPS.
> Many browsers now implement mechanisms to warn against insecure login forms; see [Insecure passwords](/en-US/docs/Web/Security/Insecure_passwords).
> Many browsers now implement mechanisms to warn against insecure login forms.

## Value

4 changes: 1 addition & 3 deletions files/en-us/web/security/index.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,8 +58,6 @@ Related topics:
- : Certificate Transparency (CT) is an open framework designed to protect against and monitor for certificate misissuance. Newly issued certificates are 'logged' to publicly run, often independent CT logs. These provide append-only, cryptographically assured records of issued TLS certificates.
- [Mixed content](/en-US/docs/Web/Security/Mixed_content)
- : An HTTPS page that includes content fetched using [cleartext](/en-US/docs/Glossary/Plaintext) HTTP is called a **mixed content** page. Pages like this are only partially encrypted, leaving the unencrypted content accessible to sniffers and man-in-the-middle attackers.
- [Weak signature algorithms](/en-US/docs/Web/Security/Weak_Signature_Algorithm)
- : The strength of the hash algorithm used in {{Glossary("Signature/Security", "signing")}} a {{Glossary("digital certificate")}} is a critical element of the security of the certificate. Some signature algorithms are known to be weak, and should be avoided when appropriate.

### Secure contexts and feature permissions

Expand Down Expand Up @@ -98,7 +96,7 @@ If you want to roll your own solution for collecting user data, make sure you un

Here are some other tips for providing secure logins:

- When collecting user login information, enforce strong passwords so that your user's account details cannot be easily guessed. Weak passwords are one of the main causes of security breaches. In addition, encourage your users to use a password manager so that they can use more complex passwords, don't need to worry about remembering them, and won't create a security risk by writing them down. See also our article on [Insecure passwords](/en-US/docs/Web/Security/Insecure_passwords).
- When collecting user login information, enforce strong passwords so that your user's account details cannot be easily guessed. Weak passwords are one of the main causes of security breaches. In addition, encourage your users to use a password manager so that they can use more complex passwords, don't need to worry about remembering them, and won't create a security risk by writing them down. See also our article on [password authentication](/en-US/docs/Web/Security/Authentication/Passwords).
- You should also educate your users about **phishing**. Phishing is the act of sending a message to a user (for example, an email or an SMS) containing a link to a site that looks like a site they use every day but isn't. The link is accompanied by a message designed to trick users into entering their username and password on the site so it can be stolen and then used by an attacker for malicious purposes.

> [!NOTE]
22 changes: 0 additions & 22 deletions files/en-us/web/security/insecure_passwords/index.md

This file was deleted.

Original file line number Diff line number Diff line change
Expand Up @@ -144,4 +144,3 @@ Content-Security-Policy: upgrade-insecure-requests;
- [Transport layer security (TLS)](/en-US/docs/Web/Security/Transport_Layer_Security)
- [Certificate Transparency](/en-US/docs/Web/Security/Certificate_Transparency)
- [Mixed content](/en-US/docs/Web/Security/Mixed_content)
- [Weak signature algorithms](/en-US/docs/Web/Security/Weak_Signature_Algorithm)
22 changes: 0 additions & 22 deletions files/en-us/web/security/weak_signature_algorithm/index.md

This file was deleted.