[wp-hackers] On overly-obscure passwords

Baki Goxhaj banago at gmail.com
Wed May 5 09:57:07 UTC 2010


Even allowing the users to choose their own password in the recovery process
would be really good.

Personally I have not had such a reaction from any of my clients, but that
seems like something that needs some attention.

Baki

00355 67 22 44 213
info at wplancer.com
www.wplancer.com


On 5 May 2010 11:53, John Blackbourn <johnbillion+wp at gmail.com> wrote:

> The new passwords that are generated by WordPress when you go through
> the "forgot your password" process are overly obscure and are
> confusing for some users. An example of a password generated by
> WordPress is "vRC0jaq$t^Mv".
>
> I've now encountered three clients of mine who have not proceeded to
> log in to WordPress with this password as they were confused by it or
> thought that something had gone wrong. I understand that the more
> obscure a password is, the harder it is to crack, however in this case
> I think these overly obscure passwords are having a negative effect on
> user experience. Surely a password such as "f3nDTwp2" is obscure
> enough, without the added non-alpha-numeric characters?
>
> I think the use of wp_generate_password() in the password recovery
> process should be changed so that special characters are not used. It
> may even be desirable to introduce another parameter to this function
> so that only lowercase letters are used in this case.
>
> Opinions?
>
> John
>
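
To put numbers on the trade-off discussed in this thread, the following added example (not part of either message and not WordPress core code) compares the entropy of the password styles mentioned and computes how long an alphanumeric or lowercase-only password must be to match a 12-character one with special characters. The character sets and function names are assumptions for illustration, and it needs PHP 7.1 or later.

```php
<?php
// Added example; not WordPress core code. The character sets are assumptions
// modelled on the two sample passwords quoted in the thread.
const LOWER   = 'abcdefghijklmnopqrstuvwxyz';
const ALNUM   = LOWER . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
const SPECIAL = ALNUM . '!@#$%^&*()';

// Draw $length characters uniformly from $charset using the system CSPRNG.
function generate_password(int $length, string $charset): string {
    $max = strlen($charset) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= $charset[random_int(0, $max)]; // random_int() has no modulo bias
    }
    return $out;
}

// Entropy in bits of a uniformly random password: length * log2(|charset|).
function entropy_bits(int $length, string $charset): float {
    return $length * log(strlen($charset), 2);
}

// Shortest length over $charset that is at least as strong as $bits.
function min_length_for(float $bits, string $charset): int {
    return (int) ceil($bits / log(strlen($charset), 2));
}

// Baseline: 12 characters drawn from the set that includes special characters.
$target = entropy_bits(12, SPECIAL);

$rows = [
    ['12 chars, with specials',  12, SPECIAL],
    ['8 chars, alphanumeric',     8, ALNUM],
    ['8 chars, lowercase only',   8, LOWER],
    ['alphanumeric, same bits',  min_length_for($target, ALNUM), ALNUM],
    ['lowercase, same bits',     min_length_for($target, LOWER), LOWER],
];

foreach ($rows as [$label, $len, $set]) {
    printf("%-26s len=%2d  %5.1f bits  e.g. %s\n",
        $label, $len, entropy_bits($len, $set), generate_password($len, $set));
}
```

Dropping the special characters costs little per character; the larger loss in the examples quoted above comes from shortening the password at the same time.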

