[wp-trac] [WordPress Trac] #35817: Force users to set strong passwords
WordPress Trac
noreply at wordpress.org
Tue Aug 9 22:05:06 UTC 2016
#35817: Force users to set strong passwords
----------------------------+------------------------------
Reporter: ericlewis | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Administration | Version: 0.71
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses: ui
----------------------------+------------------------------
Comment (by lovingboth):
Anyone who is an admin would be able to set the lowest acceptable password
strength to whatever they like, via a simple dropdown / radio button menu
in settings.
'''Anyone who is NOT an admin should not get to choose what the lowest
acceptable password strength is''', 'please confirm you want to use a
rubbish password' prompt or not.
Only those who would like to financially guarantee that there won't be
another user privilege escalation exploit (and there have been rather too
many of those over the years) should be allowed to disagree with that.
I'm aware that there are plugins that offer this sort of thing, but as
with brute force protection, this is something that should be in core.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35817#comment:9>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list