[wp-hackers] Stronger default passwords

Podz podz at tamba2.org.uk
Wed Dec 22 05:39:01 UTC 2004

Kitty wrote:
> Maybe it's time to make the generated passwords a little longer? With
> all the PHP security news + phpBB cracks coming out/going around, it
> might be a good idea.
> I suggest 10 digits ala:
> $user_pass = substr(md5(uniqid(microtime())), 0, 10);
> Overkill?

No, but with respect, virtually pointless.

I deal with many many WP / ftp and mysql passwords and it comes down to 
two types of user:
- those that do care
- those that haven't a clue

The number of people who have the same password for each of the above is 
amazing, and without fail I point people at a freeware password managing 
solution. Whether or not they choose to use that is up to them.
Not saying it shouldn't be done, just that minimal effort should be 
expended on it.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 261 bytes
Desc: OpenPGP digital signature
Url : /pipermail/hackers_wordpress.org/attachments/20041222/88199745/signature.bin

More information about the hackers mailing list