[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
WordPress Trac
noreply at wordpress.org
Fri Aug 16 18:55:27 UTC 2013
#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
----------------------------+-----------------------
Reporter: markjaquith | Owner: westi
Type: task (blessed) | Status: accepted
Priority: normal | Milestone: 3.7
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------
Comment (by nacin):
Talking to desrosj at WordCamp Providence. The thinking is that Dropbox's
zxcvbn library is actually pretty cool. It's heavy at 600+ kb, but that's
only for pages where we need a password strength meter, and we could
probably even just load the script async once they focus on a password
field.
Otto42 has a plugin: http://wordpress.org/plugins/zxcvbn/. It's a really
simple implementation (it just replaces our existing password-strength-
meter script and adds a dependency of zxcvbn.js). I think we should
strongly consider it for 3.7.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:32>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list