[wp-trac] [WordPress Trac] #37604: 'Password Lost/Changed' emails should give indication of the strength of the new password
WordPress Trac
noreply at wordpress.org
Tue Aug 9 01:01:43 UTC 2016
#37604: 'Password Lost/Changed' emails should give indication of the strength of
the new password
-----------------------------+-----------------------------
Reporter: lovingboth | Owner:
Type: feature request | Status: new
Priority: normal | Milestone: Future Release
Component: Security | Version: 3.7
Severity: normal | Resolution:
Keywords: needs-patch | Focuses:
-----------------------------+-----------------------------
Comment (by iandunn):
Is email a secure medium for transmitting that information? My impression
is that SSL isn't ubiquitous yet, so in some cases we'd basically be
telling attackers, "Hey, look! This user has a weak password." That
impression could be outdated, though.
Perhaps the benefits of informing admins would outweigh the potential for
leaking that info? If so, maybe it'd help to include a link in the email
so that admins can reset weak passwords to strong ones with a single
click.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/37604#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list