From d156da340281973bf87f9829b78a7f890678cf50 Mon Sep 17 00:00:00 2001 From: epriestley Date: Wed, 3 Feb 2016 05:57:17 -0800 Subject: [PATCH] Clarify why VCS passwords must be unique Summary: Fixes T10265. Test Plan: Read text. Reviewers: chad Reviewed By: chad Maniphest Tasks: T10265 Differential Revision: https://secure.phabricator.com/D15173 --- src/docs/user/userguide/diffusion_hosting.diviner | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/docs/user/userguide/diffusion_hosting.diviner b/src/docs/user/userguide/diffusion_hosting.diviner index ecf7e1c3e3..6427be92e5 100644 --- a/src/docs/user/userguide/diffusion_hosting.diviner +++ b/src/docs/user/userguide/diffusion_hosting.diviner @@ -127,8 +127,13 @@ If you plan to use authenticated HTTP, you need to set use only anonymous HTTP, you can leave this setting disabled. If you plan to use authenticated HTTP, you'll also need to configure a VCS -password in {nav Settings > VCS Password}. This is a different password than -your main Phabricator password primarily for security reasons. +password in {nav Settings > VCS Password}. + +Your VCS password must be a different password than your main Phabricator +password because VCS passwords are very easy to accidentally disclose. They are +often stored in plaintext in world-readable files, observable in `ps` output, +and present in command output and logs. We strongly encourage you to use SSH +instead of HTTP to authenticate access to repositories. Otherwise, if you've configured system accounts above, you're all set. No additional server configuration is required to make HTTP work.
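Review bot: In the new paragraph, "must be a different password" reads as a hard requirement, but the hunk does not say whether the {nav Settings > VCS Password} panel actually rejects a VCS password that matches the main account password or whether this is only a recommendation; consider stating which it is so readers know what to expect, e.g. "Phabricator will refuse to accept a VCS password that is the same as your account password" or "We recommend choosing a different password", whichever is true. A second, smaller point: the closing sentence "We strongly encourage you to use SSH instead of HTTP" would be more useful with a pointer back to the SSH setup earlier in this document (the following context line already refers to "system accounts above"), since a reader who arrives at the HTTP section may not realize SSH hosting is covered on the same page. The rationale itself (plaintext in world-readable files, `ps` output, command output and logs) is a clear improvement over the old "primarily for security reasons".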