[wp-trac] [WordPress Trac] #28910: Password strength meter reporting 'Very Weak' for decent(?) password
WordPress Trac
noreply at wordpress.org
Tue Jul 15 17:42:08 UTC 2014
#28910: Password strength meter reporting 'Very Weak' for decent(?) password
--------------------------+-----------------------------
 Reporter:  philipjohn    |      Owner:
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  3.9.1
 Severity:  normal        |   Keywords:
  Focuses:  ui            |
--------------------------+-----------------------------
The password strength meter is reporting 'On3Hydra10!' as "very weak"
despite many online password checkers I used seeing it as at least decent.
I've verified this happens on vanilla WP.

I checked the password against online password strength meters with the
following results:

http://www.passwordmeter.com/ - "100%"
https://www.microsoft.com/en-gb/security/pc-security/password-checker.aspx = "Medium"
https://howsecureismypassword.net/ - "4 thousand years to crack"
https://www.grc.com/haystack.htm = "1.83 years to crack"
http://rumkin.com/tools/password/passchk.php - "Reasonable"
http://password-checker.online-domain-tools.com/ = "69%"
https://www-ssl.intel.com/content/www/us/en/forms/passwordwin.html - "10 months to crack"
http://blog.kaspersky.com/password-check/ - "2 hours to crack"
https://www.my1login.com/content/password-strength-test.php - "weak"

The last two do raise the possibility that WP is right and the other 7
password checkers aren't up to scratch, so this may not be a bug. What
makes me question that theory is that omitting the exclamation mark
upgrades the status to "weak", which feels wrong.

I.e., WP says:

On3Hydra10! = Very Weak
On3Hydra10 = Weak

--
Ticket URL: <https://core.trac.wordpress.org/ticket/28910>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform