[wp-hackers] On overly-obscure passwords

Christian Gundersson gundersson at gmail.com
Thu May 6 07:36:32 UTC 2010


2010/5/6 Mark Waterous <lists at watero.us>

> That aside, the idea of presenting them with a form to choose a new password
> after verifying that they are the account holder is in my opinion a really
> good idea. This would completely bypass the need for dumbing down the random
> password generator and add a layer of user friendly functionality that I
> couldn't see anybody complaining about.



One could also generate a complex password and suggest it as a good password
for those that want it fast and don't want to bother with coming up with a
new one.

In my opinion that would be ideal, as I have some clients that accept
whatever password comes their way and some are really picky and want to use
the same password everywhere (despite my arguments as to why that's a bad
idea :)).



2010/5/6 Mark Waterous <lists at watero.us>

> The process is actually a standard convention on the web and is presented as
> such to keep people from randomly resetting passwords for accounts that
> don't belong to them - if it was a single step process, I could access your
> wp-login page and reset your password to my heart's content. I will never get
> it for myself this way, but can you imagine the pita it would be if you got
> that one jerk who thought it was funny?
>
> That aside, the idea of presenting them with a form to choose a new password
> after verifying that they are the account holder is in my opinion a really
> good idea. This would completely bypass the need for dumbing down the random
> password generator and add a layer of user friendly functionality that I
> couldn't see anybody complaining about. +1 for that idea.
> -Mark
>
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of John Blackbourn
> Sent: Wednesday, May 05, 2010 7:47 PM
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] On overly-obscure passwords
>
> Maybe it would be worth looking at the password recovery process in
> general too. It works, but it's far from ideal (with the two emails
> being sent).
>
> At risk of going off-topic slightly, I don't see a reason why the
> authorisation link clicked in the first email can't take you to a
> screen where, instead of being presented with a message telling you
> that another email has been fired off with your new password, you are
> instead presented with a screen that allows you to choose a new
> password (complete with the password strength meter).
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
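
The flow proposed in this thread (a confirmation link that opens a choose-a-password form, with a generated password offered as a suggestion), sketched as an added example; it is not WordPress code and not from any poster. The class, method names, token lifetime and in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import string
import time

TOKEN_TTL = 3600  # assumed link lifetime in seconds
ALPHABET = string.ascii_letters + string.digits + "!@#$%^&*()"

def suggest_password(length=16):
    """Random password offered on the form; the user may overwrite it."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

class ResetFlow:
    """In-memory stand-in for a user table (hypothetical, not WordPress code)."""
    def __init__(self):
        self.pw_hash = {}   # login -> (salt, PBKDF2 hash)
        self.pending = {}   # login -> (token digest, expiry time)

    def request_reset(self, login, now=None):
        """Step 1, open to anyone: leaves the account untouched and only
        returns the token that goes into the emailed link."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self.pending[login] = (_digest(token), now + TOKEN_TTL)
        return token

    def _valid(self, login, token, now):
        digest, expiry = self.pending.get(login, ("", 0))
        return now <= expiry and hmac.compare_digest(digest, _digest(token))

    def open_form(self, login, token, now=None):
        """Step 2, link clicked: returns a suggested password, or None."""
        now = time.time() if now is None else now
        return suggest_password() if self._valid(login, token, now) else None

    def set_password(self, login, token, new_password, now=None):
        """Step 3, form submitted: re-check the token, consume it, store a hash."""
        now = time.time() if now is None else now
        if not self._valid(login, token, now):
            return False
        del self.pending[login]  # single use
        salt = secrets.token_bytes(16)
        self.pw_hash[login] = (salt, hashlib.pbkdf2_hmac(
            "sha256", new_password.encode(), salt, 100_000))
        return True
```

Only a digest of the token is kept server-side, so a leaked copy of the pending table does not yield working reset links.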

