[wp-trac] Re: [WordPress Trac] #2870: Password handling improvements

WordPress Trac wp-trac at lists.automattic.com
Tue Jul 11 16:11:36 GMT 2006

#2870: Password handling improvements
 Reporter:  markjaquith                             |        Owner:  darkfate
     Type:  enhancement                             |       Status:  assigned
 Priority:  normal                                  |    Milestone:  2.1     
Component:  Administration                          |      Version:  2.0.3   
 Severity:  normal                                  |   Resolution:          
 Keywords:  bg|has-patch|needs-testing|2nd-opinion  |  
Comment (by masquerade):

 Out of curiosity on a comparison of how many other web applications do
 this, I searched my primary inbox for the past couple of years, a few
 thousand mails, including everything I ever signed up for, for my
 passwords. 9 results came up total, which I know is tiny compared to how
 many places I have signed up for. A few offenders are dreamhost, newegg,
 and a few other places I buy hosting from. Nothing from any forum,
 blogging site, etc.

 Really, to me, encouraging users to save their password in their inbox is
 encouraging more and more lenient security policies. I'm not saying that
 some fool might do it anyways, but we shouldn't facilitate people trying
 to do something foolish, and anything that shows you the password you just
 created is included. You should have to type it twice to confirm you know
 the password, we shouldn't have to tell them what they just typed twice,
 I'm pretty sure they know what they just put.

Ticket URL: <http://trac.wordpress.org/ticket/2870>
WordPress Trac <http://wordpress.org/>
WordPress blogging software

More information about the wp-trac mailing list