[wp-trac] [WordPress Trac] #32428: Do not e-mail passwords
WordPress Trac
noreply at wordpress.org
Mon May 18 16:43:50 UTC 2015
#32428: Do not e-mail passwords
----------------------------+-----------------
Reporter: markjaquith | Owner:
Type: task (blessed) | Status: new
Priority: normal | Milestone: 4.3
Component: Security | Version:
Severity: normal | Keywords:
Focuses: administration |
----------------------------+-----------------
When creating an account for someone in WordPress, this is a bad time to
let the user-creator pick a password. First, we’re risking that it’s weak,
but even if it isn’t weak, it isn’t going to be memorable for the actual user
who will own the account. In this case, we should just generate a
password, and send the user a password view/reset link. For situations
without e-mail, we can let the creator see the password, and send it to
the user via a more secure than e-mail method.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32428>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
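
The flow proposed in the ticket, sketched in plain PHP as an added example; it is not WordPress core code and not part of the original message. The function names, the in-memory $users store, the 24-hour link lifetime and the example.test URL are all assumptions made for illustration.

```php
<?php
// Added example, not WordPress core code. All names here are hypothetical.
declare(strict_types=1);

const RESET_TTL = 86400; // assumed link lifetime: 24 hours

/** Create the account with a random password nobody sees; return the reset link to e-mail. */
function create_account(array &$users, string $login, string $base_url, int $now): string
{
    // Throwaway password: stored only as a hash, never displayed or mailed.
    $throwaway = bin2hex(random_bytes(24));
    $token = bin2hex(random_bytes(32));
    $users[$login] = [
        'pass_hash'     => password_hash($throwaway, PASSWORD_DEFAULT),
        // Keep only a hash of the token, so a database leak yields no working links.
        'reset_hash'    => hash('sha256', $token),
        'reset_expires' => $now + RESET_TTL,
    ];
    return $base_url . '?login=' . rawurlencode($login) . '&key=' . $token;
}

/** Let the account owner set a password if the token is valid; the token is single-use. */
function redeem_reset(array &$users, string $login, string $token, string $new_pass, int $now): bool
{
    $u = $users[$login] ?? null;
    if ($u === null || $u['reset_hash'] === null || $now > $u['reset_expires']) {
        return false; // unknown user, token already used, or link expired
    }
    if (!hash_equals($u['reset_hash'], hash('sha256', $token))) {
        return false; // constant-time comparison failed
    }
    $users[$login]['pass_hash'] = password_hash($new_pass, PASSWORD_DEFAULT);
    $users[$login]['reset_hash'] = null; // burn the token
    return true;
}

// Constructed demo data.
$users = [];
$now = 1431967430;
$link = create_account($users, 'newuser', 'https://example.test/reset', $now);
parse_str((string) parse_url($link, PHP_URL_QUERY), $q);

var_dump(redeem_reset($users, 'newuser', $q['key'], 'owner-chosen passphrase', $now + 60)); // first use
var_dump(redeem_reset($users, 'newuser', $q['key'], 'replayed', $now + 120));               // replay of the same link
var_dump(redeem_reset($users, 'nobody', $q['key'], 'x', $now + 60));                        // unknown account
```

The e-mail carries only the link; the password that ends up on the account is the one its owner chooses when redeeming it.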