[wp-hackers] Stronger default passwords
Scott Merrill
skippy at skippy.net
Wed Dec 22 04:01:04 UTC 2004
Kitty wrote:
> On Tue, 2004-12-21 at 20:16, Mark Jaquith wrote:
>
>>Why don't we just prompt the user for an admin password when we ask for
>>email and blog name? As it is, we give it to them, so it's not like
>>there's really a security problem. It'd sure save a lot of frustration
>>for users who don't write down the admin password (yeah, me once). We
>>could enforce minimum length or complexity if we wanted, too, if we
>>wanted to make things more secure.
>
>
> All good points, and all I really have to say is:
> Most people putting up a blog don't have the necessary paranoia to pick
> a password on an open to the internet login page[1]. We should definitely
> continue to provide the password. I think it should be stronger.
Could someone port pwgen [1] to PHP so that we could at least provide
pronounceable, moderately secure and moderately random passwords to the
users?
1: http://sourceforge.net/projects/pwgen/
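
An added example, not part of the original message and not a port of pwgen: one way to produce pronounceable passwords in PHP by alternating consonants and vowels, with an estimate of the entropy that results. It assumes PHP 7 or later for random_int(); the function names and alphabets are hypothetical choices made for this illustration.

```php
<?php
// Added illustration: simple consonant+vowel syllables, not pwgen's phoneme table.
// Alphabets are an assumption of this example; look-alike characters
// (l, 0, 1) are left out so the password can be copied by hand.
const CONSONANTS = 'bcdfghjkmnpqrstvwxz';
const VOWELS     = 'aeiou';
const DIGITS     = '23456789';

// Pick one character uniformly. random_int() draws from the operating
// system's CSPRNG and is unbiased over the requested range, unlike
// rand() or mt_rand(), whose output is predictable.
function pick(string $alphabet): string
{
    return $alphabet[random_int(0, strlen($alphabet) - 1)];
}

// Build $syllables consonant+vowel pairs followed by $digits digits.
function pronounceable_password(int $syllables = 5, int $digits = 2): string
{
    if ($syllables < 1 || $digits < 0) {
        throw new InvalidArgumentException('syllables must be >= 1 and digits >= 0');
    }
    $out = '';
    for ($i = 0; $i < $syllables; $i++) {
        $out .= pick(CONSONANTS) . pick(VOWELS);
    }
    for ($i = 0; $i < $digits; $i++) {
        $out .= pick(DIGITS);
    }
    return $out;
}

// Entropy in bits, assuming the attacker knows the scheme and alphabets.
// Each syllable is one of |CONSONANTS| * |VOWELS| equally likely choices.
function entropy_bits(int $syllables, int $digits): float
{
    return $syllables * log(strlen(CONSONANTS) * strlen(VOWELS), 2)
         + $digits * log(strlen(DIGITS), 2);
}

printf("%s (%.1f bits)\n", pronounceable_password(5, 2), entropy_bits(5, 2));
```

Pronounceability costs entropy per character compared with a fully random string of the same length, so the syllable count has to be raised to reach a given strength.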