[wp-hackers] Stronger default passwords

Scott Merrill skippy at skippy.net
Wed Dec 22 04:01:04 UTC 2004

Kitty wrote:
> On Tue, 2004-12-21 at 20:16, Mark Jaquith wrote:
>>Why don't we just prompt the user for an admin password when we ask for 
>>email and blog name?  As it is, we give it to them, so it's not like 
>>there's really a security problem.  It'd sure save a lot of frustration 
>>for users who don't write down the admin password (yeah, me once). We 
>>could enforce minimum length or complexity if we wanted, too, if we 
>>wanted to make things more secure.
> All good points, and all I really have to say is:
> Most people putting up a blog don't have the necessary paranoia to pick
> a password on a open to the internet login page[1]. We should definitely
> continue to provide the password. I think it should be stronger.

Could someone port pwgen [1] to PHP so that we could at least provide 
pronounceable, moderately secure and moderately random passwords to the 

1: http://sourceforge.net/projects/pwgen/

More information about the hackers mailing list