[wp-trac] [WordPress Trac] #39817: Confusing password strength behavior

WordPress Trac noreply at wordpress.org
Wed Feb 8 21:06:43 UTC 2017 

#39817: Confusing password strength behavior
------------------------------------+------------------------------
 Reporter:  mgriesde                |       Owner:
     Type:  defect (bug)            |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Login and Registration  |     Version:  4.7.2
 Severity:  normal                  |  Resolution:
 Keywords:                          |     Focuses:
------------------------------------+------------------------------
Description changed by SergeyBiryukov:

Old description:

> Hi all,
>
> we're using WordPress together with the lifterLMS plugin. lifterLMS uses
> standard WordPress passwort strength functionality.
>
> We've enabled to force strong passwords. Also to display the password
> strength meter. As a hint for our customer a text is displayed, that they
> should use at least 6 characters, a combination of alphanumeric and
> numeric characters and special characters.
>
> But not in every case the password is interpreted to be strong. For
> example:
>
> mfjg#0 => just medium (meets the above mentioned requirement)
>
> mfjg#08 => strong
>
> mfjg#081 => medium (confusing, because it has one more character...)
>
> mfjg#0815 => strong (again...)
>
> So what are the concrete password rules? I don't understand the behavior
> how the password strength is calculated. Also our customers don't.
>
> Thanks in advance
>
> Matthias

New description:

 Hi all,

 we're using WordPress together with the lifterLMS plugin. lifterLMS uses
 standard WordPress passwort strength functionality.

 We've enabled to force strong passwords. Also to display the password
 strength meter. As a hint for our customer a text is displayed, that they
 should use at least 6 characters, a combination of alphanumeric and
 numeric characters and special characters.

 But not in every case the password is interpreted to be strong. For
 example:

 `mfjg#0` => just medium (meets the above mentioned requirement)

 `mfjg#08` => strong

 `mfjg#081` => medium (confusing, because it has one more character...)

 `mfjg#0815` => strong (again...)

 So what are the concrete password rules? I don't understand the behavior
 how the password strength is calculated. Also our customers don't.

 Thanks in advance

 Matthias

--

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39817#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list