[wp-hackers] On overly-obscure passwords
John Blackbourn
johnbillion+wp at gmail.com
Thu May 6 02:47:18 UTC 2010
What I omitted to mention was that one of my clients is actually a
WordPress.com VIP user, so improving the process on a client-by-client
basis is not something I can do for that particular site.
I think Simon makes a key point (Hi Simon!). Less experienced users
are probably already struggling through the password recovery process,
having already clicked a link in the first email and been told to now
go back and find another email and now they're presented with this
obscure password which they've either got to copy and paste or write
it down and then type it out in the password field (I've seen it
done).
Remember too that we're not only talking about admins and editors and
authors. Sites that have user registration open for whatever purpose
are potentially dealing with significantly less experienced users than
those who publish with WordPress.
Maybe it would be worth looking at the password recovery process in
general too. It works, but it's far from ideal (with the two emails
being sent).
At risk of going off-topic slightly, I don't see a reason why the
authorisation link clicked in the first email can't take you to a
screen where, instead of being presented with a message telling you
that another email has been fired off with your new password, you are
instead presented with a screen that allows you to choose a new
password (complete with the password strength meter).
More information about the wp-hackers
mailing list