[wp-hackers] Stronger default passwords

drDave drdave at unknowngenius.com
Wed Dec 22 03:58:45 UTC 2004

With a few easy mods (perhaps adding a digits or two), that ought to do 
the work:

On Dec 21, 2004, at 11:01 PM, Scott Merrill wrote:

> Kitty wrote:
>> On Tue, 2004-12-21 at 20:16, Mark Jaquith wrote:
>>> Why don't we just prompt the user for an admin password when we ask 
>>> for email and blog name?  As it is, we give it to them, so it's not 
>>> like there's really a security problem.  It'd sure save a lot of 
>>> frustration for users who don't write down the admin password (yeah, 
>>> me once). We could enforce minimum length or complexity if we 
>>> wanted, too, if we wanted to make things more secure.
>> All good points, and all I really have to say is:
>> Most people putting up a blog don't have the necessary paranoia to 
>> pick
>> a password on a open to the internet login page[1]. We should 
>> definitely
>> continue to provide the password. I think it should be stronger.
> Could someone port pwgen [1] to PHP so that we could at least provide 
> pronounceable, moderately secure and moderately random passwords to 
> the users?
> 1: http://sourceforge.net/projects/pwgen/
> _______________________________________________
> hackers mailing list
> hackers at wordpress.org
> http://wordpress.org/mailman/listinfo/hackers_wordpress.org
Dave / デイヴ
drdave at unknowngenius.com

More information about the hackers mailing list