[wp-trac] [WordPress Trac] #40234: Do not allow weak passwords

WordPress Trac noreply at wordpress.org
Wed Mar 22 17:43:46 UTC 2017


#40234: Do not allow weak passwords
-------------------------------------+------------------------------
 Reporter:  robdxw                   |       Owner:
     Type:  enhancement              |      Status:  new
 Priority:  normal                   |   Milestone:  Awaiting Review
Component:  Security                 |     Version:  4.3
 Severity:  normal                   |  Resolution:
 Keywords:  2nd-opinion ux-feedback  |     Focuses:
-------------------------------------+------------------------------

Comment (by jrchamp):

 @iandunn zxcvbn, which is used for the password strength meter, does not
 have "rules" so much as "strength" levels that are based on the amount of
 entropy that they call "guesses". The current version (included in 4.8)
 has an option to surface specific, helpful information about why weak
 passwords are considered weak. It can also make some simple suggestions on
 how to make it better. I don't believe this new functionality is being
 used in 4.8, but I might be mistaken.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40234#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list