[wp-hackers] On overly-obscure passwords

Edward Dale scompt at scompt.com
Wed May 5 14:02:05 UTC 2010


Passwords are generated using the wp_generate_password function
defined in pluggable.php. You can override it by defining your own
version somewhere, perhaps in your theme's functions.php. For example:

function wp_generate_password($length = 12, $special_chars = true) {
  return "random_password";
}

Cheers,
Edward

On Wed, May 5, 2010 at 11:57 AM, Baki Goxhaj <banago at gmail.com> wrote:
> Even allowing the users to choose their own password in the recovery process
> would be really good.
>
> Personally I have not had such a reaction from any of my clients, but that
> seems like something that needs some attention.
>
> Baki
>
> 00355 67 22 44 213
> info at wplancer.com
> www.wplancer.com
>
>
> On 5 May 2010 11:53, John Blackbourn <johnbillion+wp at gmail.com> wrote:
>
>> The new passwords that are generated by WordPress when you go through
>> the "forgot your password" process are overly obscure and are
>> confusing for some users. An example of a password generated by
>> WordPress is "vRC0jaq$t^Mv".
>>
>> I've now encountered three clients of mine who have not proceeded to
>> log in to WordPress with this password as they were confused by it or
>> thought that something had gone wrong. I understand that the more
>> obscure a password is, the harder it is to crack, however in this case
>> I think these overly obscure passwords are having a negative effect on
>> user experience. Surely a password such as "f3nDTwp2" is obscure
>> enough, without the added non-alpha-numeric characters?
>>
>> I think the use of wp_generate_password() in the password recovery
>> process should be changed so that special characters are not used. It
>> may even be desirable to introduce another parameter to this function
>> so that only lowercase letters are used in this case.
>>
>> Opinions?
>>
>> John
>> _______________________________________________
>> wp-hackers mailing list
>> wp-hackers at lists.automattic.com
>> http://lists.automattic.com/mailman/listinfo/wp-hackers
>>
>
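
Added example, not part of the original thread and not WordPress core code: an override of wp_generate_password() that addresses the complaint above by dropping symbols and look-alike characters, and lengthens the result so the password carries at least as many bits as the default would. Assumptions: the file is loaded as a plugin so the function exists before pluggable.php is read, the default generator draws from 62 alphanumerics plus 10 symbols, and FRIENDLY_ALPHABET and friendly_equivalent_length() are hypothetical names.

```php
<?php
// Added example, not WordPress core code. Assumption: this file is loaded as a
// plugin, so the function is defined before pluggable.php checks for it.

// Letters and digits only, minus look-alikes (0/O, 1/l/I): 57 symbols.
const FRIENDLY_ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

/**
 * Hypothetical helper: shortest length over FRIENDLY_ALPHABET that carries at
 * least as many bits as $length symbols drawn from a $from_size alphabet.
 */
function friendly_equivalent_length($length, $from_size) {
    $bits = $length * log($from_size, 2);
    return (int) ceil($bits / log(strlen(FRIENDLY_ALPHABET), 2));
}

if (!function_exists('wp_generate_password')) {
    function wp_generate_password($length = 12, $special_chars = true) {
        // Assumed default alphabet sizes: 62 alphanumerics, plus 10 symbols
        // when $special_chars is true. Symbols are never emitted here; the
        // extra length makes up for the smaller alphabet.
        $length = friendly_equivalent_length($length, $special_chars ? 72 : 62);
        $max = strlen(FRIENDLY_ALPHABET) - 1;
        $password = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() uses the OS CSPRNG and has no modulo bias (PHP 7+).
            $password .= FRIENDLY_ALPHABET[random_int(0, $max)];
        }
        return $password;
    }
}

// Stand-alone check when run with the PHP CLI outside WordPress.
if (PHP_SAPI === 'cli' && !defined('ABSPATH')) {
    $pw = wp_generate_password();
    $bits = strlen($pw) * log(strlen(FRIENDLY_ALPHABET), 2);
    printf("%s (%d chars, %.1f bits)\n", $pw, strlen($pw), $bits);
}
```

The override applies to every caller of wp_generate_password(), not only the password recovery flow, which is why it preserves strength by adding length instead of simply shrinking the alphabet.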

