[Bb-trac] [bbPress] #779: proposal for user selected password during registration

bbPress bb-trac at lists.bbpress.org
Wed Jan 30 07:19:37 GMT 2008


#779: proposal for user selected password during registration
--------------------------+-------------------------------------------------
 Reporter:  _ck_          |       Owner:     
     Type:  enhancement   |      Status:  new
 Priority:  normal        |   Milestone:     
Component:  Registration  |     Version:     
 Severity:  normal        |    Keywords:     
--------------------------+-------------------------------------------------
 bbPress should enhance the registration process to the modern friendly
 method of allowing the user to create their own password rather than an
 initial harsh random one that is hard to remember/copy.

 This improvement would have an important benefit of not sending real
 passwords via email in clear text and archived in their email accounts for
 hackers to find.

 Method:
 Two mandatory additional fields on the register.php page, one for the
 password, a second to verify since it will be hidden as they type, à la
 *****.

 Optionally, some simple JavaScript processing could be added to alert the
 user to the password strength.

 The currently generated random password can be used instead in an email,
 still sent and required to be checked, as an authorization code to prove
 ownership of an email account,

 i.e.
 "please click this link to activate your account
 http://bbpress.org/forums/?account-verify=583%$#1*"

 This auth code would have to be stored in user meta data, kept as md5/hash
 etc. like the current password method uses, so a hacker cannot take
 advantage of un-activated accounts if they get ahold of the db.

 The accounts would have to start on inactive status and be upgraded to
 active, deleting the auth code after activation to prevent re-use.

 A user who forgets their password would be sent a new auth code, instead
 of a replacement password - then upon verifying with the link, they would
 get taken to a page to enter a new password for themselves.

-- 
Ticket URL: <http://trac.bbpress.org/ticket/779>
bbPress <http://bbpress.org/>
Innovative forum development
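
The flow proposed in the ticket, as an added sketch that is not part of the original message and is not bbPress code: the password is chosen at registration, a random code is mailed instead, only its digest is kept, and the code is deleted on first successful use. Function names, the in-memory $users array and passing the login alongside the code are assumptions; it uses modern PHP built-ins (random_bytes, password_hash, SHA-256) in place of the md5 the ticket mentions.

```php
<?php
// Constructed stand-in for the user table plus user meta; not bbPress's schema.
$users = [];

// Create a fresh code: the plain value goes only into the e-mailed link,
// the database keeps nothing but its digest.
function issue_auth_code(array &$users, string $login): string {
    $code = bin2hex(random_bytes(16));
    $users[$login]['auth_hash'] = hash('sha256', $code);
    return $code;
}

// Registration with the two password fields; the account starts inactive.
function register_user(array &$users, string $login, string $pw, string $pw2): string {
    if ($pw === '' || $pw !== $pw2) {
        throw new InvalidArgumentException('password fields do not match');
    }
    $users[$login] = ['pass' => password_hash($pw, PASSWORD_DEFAULT),
                      'status' => 'inactive'];
    return issue_auth_code($users, $login);
}

// Check a code from the link; on success delete it so it cannot be re-used.
function redeem_auth_code(array &$users, string $login, string $code): bool {
    $stored = $users[$login]['auth_hash'] ?? null;
    if ($stored === null || !hash_equals($stored, hash('sha256', $code))) {
        return false;
    }
    unset($users[$login]['auth_hash']);
    $users[$login]['status'] = 'active';
    return true;
}

// Forgotten password: a new code is mailed, and redeeming it lets the user
// set a new password instead of receiving one by e-mail.
function reset_password(array &$users, string $login, string $code, string $newPw): bool {
    if (!redeem_auth_code($users, $login, $code)) {
        return false;
    }
    $users[$login]['pass'] = password_hash($newPw, PASSWORD_DEFAULT);
    return true;
}

// Constructed walk-through: wrong code, correct code, replayed code, then a reset.
$code = register_user($users, 'alice', 'correct horse', 'correct horse');
var_dump(redeem_auth_code($users, 'alice', 'not-the-code'));
var_dump(redeem_auth_code($users, 'alice', $code));
var_dump(redeem_auth_code($users, 'alice', $code));
$reset = issue_auth_code($users, 'alice');
var_dump(reset_password($users, 'alice', $reset, 'new passphrase'));
var_dump(password_verify('new passphrase', $users['alice']['pass']));
```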