[wp-hackers] On overly-obscure passwords

John Blackbourn johnbillion+wp at gmail.com
Thu May 6 17:43:23 UTC 2010

On Thu, May 6, 2010 at 8:36 AM, Christian Gundersson
<gundersson at gmail.com> wrote:
> 2010/5/6 Mark Waterous <lists at watero.us>
>> That aside, the idea of presenting them with a form to choose a new
>> password
> after verifying that they are the account holder is in my opinion a really
> good idea. This would completely bypass the need for dumbing down the random
> password generator and add a layer of user friendly functionality that I
> couldn't see anybody complaining about.
> One could also generate a complex password and suggest it as a good password
> for those that want it fast and don't want to bother with coming up with a
> new one.
> In my opinion that would be ideal, as I have some clients that accept
> whatever password comes their way and some are really picky and want to use
> the same password everywhere. (despite my arguments as to why thats a bad
> idea :))

I think that is an ideal solution too. Not 100% sure how the suggested
random password could be presented without overly confusing the screen
though. Maybe just the password strength meter on there would be
enough? Not sure.

@Mark Waterous: The password wouldn't be reset when a username is
entered into the password recovery form, so the situation of people
being able to reset your password just by entering your username
wouldn't happen. In fact nothing would happen until you click the
authorisation link in the email and then fill out a new password.

More information about the wp-hackers mailing list