[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords

WordPress Trac noreply at wordpress.org
Tue Oct 23 00:32:45 UTC 2012


#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
-----------------------------+------------------------------
 Reporter:  markjaquith      |       Owner:
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  Security         |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |
-----------------------------+------------------------------

Comment (by convissor):

 Some more points about the approach taken in the Login Security
 Solution...

 It permits passwords to be in any alphabet supported by UTF-8.  It
 distinguishes between letters (and the case thereof), numbers and
 punctuation in all of the scripts (alphabets).  The plugin's requirement
 for upper and lower case letters in a password is skipped for alphabets
 that only have one case.  If mbstring is not installed, the plugin
 requires the password contain only ASCII characters.

 The password validator also examines for too many sequential characters
 (so "abcde12345" would be rejected).

 It has checks to block matches of the user's information, the blog's
 information.

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
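
The checks described in the comment above, sketched as an added example (this is not the Login Security Solution plugin's code). The function names, messages, the assumption that every character class is required, and the limit of three sequential characters are all illustrative; the sample values are constructed.

```php
<?php
// Added illustration; not the Login Security Solution plugin's code.
// Function names, messages and the run limit of 3 are assumptions.
// True when more than $max characters in a row step by +1 or -1 (abcd, 4321).
function demo_has_sequence(string $pw, int $max = 3): bool {
    $run = 1; $dir = 0; $prev = null;
    foreach (preg_split('//u', $pw, -1, PREG_SPLIT_NO_EMPTY) ?: [] as $ch) {
        $cp = function_exists('mb_ord') ? mb_ord($ch, 'UTF-8') : ord($ch);
        $step = ($prev === null) ? 0 : $cp - $prev;
        $run = (abs($step) !== 1) ? 1 : (($step === $dir) ? $run + 1 : 2);
        $dir = $step;
        if ($run > $max) return true;
        $prev = $cp;
    }
    return false;
}

// Returns a list of failure reasons; an empty list means the password passed.
function demo_validate(string $pw, array $forbidden = []): array {
    if (!extension_loaded('mbstring') && preg_match('/[^\x20-\x7E]/', $pw)) {
        return ['only ASCII is accepted without mbstring'];
    }
    if (preg_match('//u', $pw) !== 1) return ['not valid UTF-8'];
    $e = [];
    $find = function_exists('mb_stripos') ? 'mb_stripos' : 'stripos';
    if (!preg_match('/\p{N}/u', $pw)) $e[] = 'needs a number';
    if (!preg_match('/[\p{P}\p{S}]/u', $pw)) $e[] = 'needs punctuation';
    if (!preg_match('/\p{L}/u', $pw)) $e[] = 'needs a letter';
    // Case rule applies only if the password uses a script that has case.
    if (preg_match('/[\p{Lu}\p{Ll}]/u', $pw)
        && !(preg_match('/\p{Lu}/u', $pw) && preg_match('/\p{Ll}/u', $pw))) {
        $e[] = 'needs upper and lower case';
    }
    if (demo_has_sequence($pw)) $e[] = 'too many sequential characters';
    foreach ($forbidden as $v) {
        if ($v !== '' && $find($pw, $v) !== false) {
            $e[] = 'matches user or site information'; break;
        }
    }
    return $e;
}

// Constructed sample input: user and blog details, then candidate passwords.
$info = ['alice', 'Example Blog'];
foreach (['abcde12345', 'Alice!r7Qz', '我的密碼-82!', 'T7#qWz!mRp'] as $pw) {
    echo $pw, ' => ', implode('; ', demo_validate($pw, $info)) ?: 'ok', "\n";
}
```

The case rule is keyed on Unicode general categories, so a password written entirely in a caseless script is never asked for upper and lower case, while any password that uses a cased letter must contain both.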

