[wp-trac] [WordPress Trac] #13324: Limit auto-generated passwords to alphanumeric chars for usability (from wp-hackers)
WordPress Trac
wp-trac at lists.automattic.com
Mon May 10 18:58:47 UTC 2010
#13324: Limit auto-generated passwords to alphanumeric chars for usability (from
wp-hackers)
---------------------------+------------------------------------------------
Reporter: jeremyclarke | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 3.1
Component: Accessibility | Version:
Severity: normal | Keywords:
---------------------------+------------------------------------------------
On WP-Hackers a change to the auto-generated passwords was proposed. The
passwords should only contain letters and numbers (including uppercase) so
that people don't get freaked out by them. The current passwords are also
unnecessarily hard to copy/paste because the non-alphanumeric characters
foil the click-to-select features of Mac OSX if not other operating
systems as well.
Thread URL:
http://groups.google.com/group/wp-
hackers/browse_thread/thread/b1ab78c2b54572c2#
Ma.tt supports the change and unless someone has a really good argument I
think it should be implemented after 3.0 is launched.
On a theoretical level this change will make passwords slightly less
secure but the difference is probably not something that will affect
anyone. It may actually increase the likelihood of secure passwords since
users will be less likely to change their password immediately if its
something they actually know how to type!
I am traveling right now and can't make a patch but Otto already figured
out what is needed:
{{{
That would be basically a simple 1 line patch.
In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();
To this:
$new_pass = wp_generate_password(12,false);
A similar change can be made in register_new_user() if you want to
affect how new user password's look.
}}}
--
Ticket URL: <http://core.trac.wordpress.org/ticket/13324>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list