[wp-hackers] On overly-obscure passwords
Otto
otto at ottodestruct.com
Wed May 5 18:14:08 UTC 2010
On Wed, May 5, 2010 at 12:51 PM, Matt Mullenweg <m at mullenweg.com> wrote:
> On 5/5/2010 9:54 AM, Peter Westwood wrote:
>>
>> I don't see how reducing the character set down is going to significantly
>> improve the user experience - most people with just copy and paste the
>> password.
>
> I think having it be number + letters only would be easier for people to
> remember. We can still indicate that punctuation is a good thing in our
> password strength meter.
That would be basically a simple 1 line patch.
In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();
To this:
$new_pass = wp_generate_password(12,false);
A similar change can be made in register_new_user() if you want to
affect how new user password's look.
-Otto
More information about the wp-hackers
mailing list