[wp-hackers] On overly-obscure passwords

Otto otto at ottodestruct.com
Wed May 5 18:14:08 UTC 2010


On Wed, May 5, 2010 at 12:51 PM, Matt Mullenweg <m at mullenweg.com> wrote:
> On 5/5/2010 9:54 AM, Peter Westwood wrote:
>>
>> I don't see how reducing the character set down is going to significantly
>> improve the user experience - most people with just copy and paste the
>> password.
>
> I think having it be number + letters only would be easier for people to
> remember. We can still indicate that punctuation is a good thing in our
> password strength meter.


That would be basically a simple 1 line patch.

In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();

To this:
$new_pass = wp_generate_password(12,false);

A similar change can be made in register_new_user() if you want to
affect how new user password's look.

-Otto


More information about the wp-hackers mailing list