[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
WordPress Trac
noreply at wordpress.org
Tue Oct 23 00:32:45 UTC 2012
#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
-----------------------------+------------------------------
Reporter: markjaquith | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
-----------------------------+------------------------------
Comment (by convissor):
Some more points about the approach taken in the Login Security
Solution...
It permits passwords to be in any alphabet supported by UTF-8. It
distinguishes between letters (and the case thereof), numbers and
punctuation in all of the scripts (alphabets). The plugin's requirement
for upper and lower case letters in a password is skipped for alphabets
that only have one case. If mbstring is not installed, the plugin
requires the password contain only ASCII characters.
The password validator also examines for too many sequential characters
(so "abcde12345" would be rejected).
It has checks to block matches of the user's information, the blog's
information.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:6>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list