[wp-trac] [WordPress Trac] #21737: Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
WordPress Trac
noreply at wordpress.org
Fri Aug 16 21:10:14 UTC 2013
#21737: Users should have to jump through hoops to set passwords of their choosing,
and we should guard better against weak passwords
----------------------------+-----------------------
Reporter: markjaquith | Owner: westi
Type: task (blessed) | Status: accepted
Priority: normal | Milestone: 3.7
Component: Security | Version:
Severity: normal | Resolution:
Keywords: |
----------------------------+-----------------------
Comment (by nacin):
Looking a bit further, upstream zxcvbn-async.js is hard-coded to pull the
file from Dropbox. Obviously we don't want that, so we modified it. At the
same time, we deliberately don't register zxcvbn.min.js, because zxcvbn-
async.js should be used instead. That is good! But if we combine zxcvbn-
async.js with our password meter file, the end result is likely increased
direct references by plugins to zxcvbn.min.js.
We could almost treat zxcvbn-async.js as a WP file. Maybe even call it wp-
zxcvbn.js or wp-password-strength.js. And then merge password-strength-
meter.js into that, rather than the other way around.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/21737#comment:35>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list