[wp-hackers] On overly-obscure passwords

Jeremy Clarke jer at simianuprising.com
Mon May 10 19:02:33 UTC 2010

Got to this conversation late but this is so obviously a situation where a
few small changes can make a big difference.

+1 for choosing a password after clicking the first email link rather than
causing another email to be sent and checked. The current system has always
seemed ridiculous to me and is very very annoying at a time when you are
already probably feeling annoyed. This feels like a long-term plan though
since it involves a change to UI etc.

+1000 to simplifying the default generated passwords. There is pretty much
no reason at all why normal people would use the ^ symbol in daily life. It
is only on the 6 because of a historical coincidence IMHO. People don't know
what to do with them and the click-to-select thing has bitten me every
single time I've used an auto-generated password. If nothing else the
current insane passwords feel like something that a web app might choke on,
even to someone who understands web apps and how finicky they can be.

The added 'security' is not worth the loss in usability, especially
considering the fact that making the passwords weaker but still strong will
increase the likelihood that users keep the generated password instead of
immediately changing it back to 'mypass'.

I couldn't find a mention of this on trac so I created a ticket:
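
The trade-off argued above, that dropping symbols from a generated password costs little strength as long as the length is adjusted, can be checked with a few lines of arithmetic. The following is an added example and is not code from the post or from WordPress. It assumes a 72-character "with symbols" alphabet (the 62 ASCII letters and digits plus the ten symbols !@#$%^&*()) and a plain 62-character alphanumeric alphabet; both sets are assumptions for illustration, and the generator uses Python's `secrets` module rather than any WordPress function.

```python
import math
import secrets
import string

# Assumed alphabets (not taken from the mailing-list post or from WordPress):
# ALNUM is the 62 ASCII letters and digits; SYMBOLS stands in for the ten
# punctuation characters a "special characters" generator might add.
ALNUM = string.ascii_letters + string.digits          # 62 characters
SYMBOLS = "!@#$%^&*()"                                # 10 characters
WITH_SYMBOLS = ALNUM + SYMBOLS                        # 72 characters

# Glyphs that are easy to misread when a user has to retype a password.
AMBIGUOUS = set("0O1lI")


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy in bits of a password of `length` characters, each drawn
    uniformly and independently from `alphabet_size` distinct characters."""
    if length < 0 or alphabet_size < 2:
        raise ValueError("need length >= 0 and at least two characters")
    return length * math.log2(alphabet_size)


def length_for_entropy(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose entropy over `alphabet_size` characters reaches
    `target_bits`."""
    if alphabet_size < 2:
        raise ValueError("need at least two characters")
    return math.ceil(target_bits / math.log2(alphabet_size))


def equivalent_alnum_length(symbol_length: int,
                            with_symbols: str = WITH_SYMBOLS,
                            alnum: str = ALNUM) -> int:
    """Length an alphanumeric-only password needs to match the entropy of a
    `symbol_length`-character password drawn from `with_symbols`."""
    target = entropy_bits(symbol_length, len(set(with_symbols)))
    return length_for_entropy(target, len(set(alnum)))


def generate_password(length: int, alphabet: str = ALNUM,
                      drop_ambiguous: bool = False) -> str:
    """Generate a password of `length` characters from `alphabet`, optionally
    leaving out visually ambiguous glyphs. Duplicate characters in `alphabet`
    are removed first so the entropy formula above stays honest."""
    chars = list(dict.fromkeys(alphabet))
    if drop_ambiguous:
        chars = [c for c in chars if c not in AMBIGUOUS]
    if len(chars) < 2:
        raise ValueError("alphabet too small")
    # secrets.choice is uniform over chars, which is what entropy_bits assumes.
    return "".join(secrets.choice(chars) for _ in range(length))


if __name__ == "__main__":
    # 12 characters from the 72-character set: about 74 bits.
    print("12 chars with symbols:", round(entropy_bits(12, len(WITH_SYMBOLS)), 1), "bits")
    # The alphanumeric-only equivalent: one extra character gets you there.
    n = equivalent_alnum_length(12)
    print("alnum length needed:", n, "->", round(entropy_bits(n, len(ALNUM)), 1), "bits")
    print("sample:", generate_password(n, drop_ambiguous=True))
```

With these assumed alphabets, a 12-character password with symbols is worth about 74 bits, and a 13-character alphanumeric one about 77 bits; the "loss" from removing symbols is recovered by a single extra character, and the result double-clicks and copies cleanly.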

