[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
WordPress Trac
noreply at wordpress.org
Wed Apr 17 14:55:24 UTC 2013
#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
-----------------------------+------------------------------
Reporter: markjaquith | Owner: westi
Type: feature request | Status: accepted
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
-----------------------------+------------------------------
Changes (by clwill):
* cc: chris@… (added)
Comment:
I third the agreement with jenmylo's comment. Requirements are a very bad
user experience. I am not signed up with my state DMV simply because
their password requirements were so onerous.
I also want to add in concern for a widespread belief that passphrase
complexity is the answer to security against brute force attacks. It just
becomes an arms race. Please read this article on the long-term future
of the password:
http://www.wired.com/gadgetlab/2012/11/ff-mat-honan-password-hacker/
I think WP and Automattic should approach the issue of broad scale secure
account attacks with the same concern and resources they did against broad
scale spamming. Harness the power of millions of WP sites to identify and
block the offenders. This, like spam, is a case where the sheer power of
numbers can help, and only Automattic can leverage that power.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:24>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software