[wp-hackers] On overly-obscure passwords

kaiiser 24-7 at gmx.net
Thu May 6 10:49:18 UTC 2010

Hi list,
> > The advantage of a password containing just lowercase and uppercase letters
> > and numbers (without symbols), is that it is perceived as one word by the
> > computer/browser. Therefore a double-click selects the whole password, or
> > the browser's/OS's inbuilt text selection 'helps' the user select the word.
> > Having symbols in the word breaks both these behaviours.

As far as I have seen on two projects with a medium number (~300) of users:
most of them don't even know standard functionality. For example, copy/paste
(ctrl-c/v) is something they have never heard of before. So I wouldn't put too
much hope in double-click selection. The biggest problem our users had with
pw-recovery mails was the automatic link and the plain-text mail: when you
receive a plain-text mail in e.g. Microsoft Outlook, the recovery link
gets linked by Outlook, but broken at white
Ex: http://example.com/wp-login?action=rp&key=YcLmiYqDkXJWcDzG2mbl&login=Firstname
"Lastname" and the space don't get linked and the user comes to a 404-

Another thing was the confusion with "wordpress"@example.com. Our (working)
solution is a) using an alternate address like "registration" and b) making
descriptive login mails including a short FAQ for the most common problems.
So I wouldn't change the password.
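
The broken recovery link described in this message, as an added example that is not part of the original post and is not WordPress code: it builds the link with the login percent-encoded and checks whether a plain-text auto-linker would keep the whole URL. The function names `build_reset_link` and `autolinked_part` are hypothetical, and the auto-linker is modelled (as an assumption) as ending the link at the first whitespace character.

```php
<?php
// Added example; function names are hypothetical, not WordPress APIs.

/** Build the reset URL with every query value percent-encoded (RFC 3986). */
function build_reset_link(string $base, string $key, string $login): string
{
    // PHP_QUERY_RFC3986 encodes a space as %20 rather than '+'.
    $query = http_build_query(
        ['action' => 'rp', 'key' => $key, 'login' => $login],
        '',
        '&',
        PHP_QUERY_RFC3986
    );
    return $base . '?' . $query;
}

/**
 * Assumed model of a plain-text mail client's auto-linker: the link starts
 * at "http(s)://" and ends at the first whitespace character.
 */
function autolinked_part(string $mailBody): ?string
{
    return preg_match('~https?://\S+~', $mailBody, $m) ? $m[0] : null;
}

$base  = 'http://example.com/wp-login';
$key   = 'YcLmiYqDkXJWcDzG2mbl';   // sample key quoted in the message above
$login = 'Firstname Lastname';     // login that contains a space

// Unencoded link as it appeared in the mail, next to the encoded form.
$raw  = $base . '?action=rp&key=' . $key . '&login=' . $login;
$safe = build_reset_link($base, $key, $login);

foreach (['unencoded' => $raw, 'encoded' => $safe] as $label => $url) {
    // Constructed sample mail body.
    $body   = "To reset your password, visit:\n\n" . $url . "\n\nThanks";
    $linked = autolinked_part($body);
    printf(
        "%-9s linked: %s\n          intact: %s\n",
        $label,
        $linked,
        $linked === $url ? 'yes' : 'no'
    );
}
```

PHP decodes `%20` back to a space when it populates `$_GET`, so the receiving script sees the original login unchanged.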


