[wp-trac] [WordPress Trac] #37604: 'Password Lost/Changed' emails should give indication of the strength of the new password
WordPress Trac
noreply at wordpress.org
Mon Aug 8 19:08:41 UTC 2016
#37604: 'Password Lost/Changed' emails should give indication of the strength of
the new password
-----------------------------+-----------------------------
Reporter: lovingboth | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.5.3
Severity: normal | Keywords: password change
Focuses: |
-----------------------------+-----------------------------
When any user changes their password, the site's owner gets an email that
currently just says:
"Password Lost and Changed for user: [username]"
It would help administrators if the email also included WordPress's
assessment of the strength of the new one. I don't always agree with that
assessment, but it is better than saying nothing.
As it is, there's no way to know if the user has just picked an extremely
weak password and thanks to the repeated user privilege escalation exploit
issues, even low level users with weak passwords can put the whole site at
risk.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37604>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list