[wp-trac] [WordPress Trac] #39817: Confusing password strength behavior
WordPress Trac
noreply at wordpress.org
Wed Feb 8 21:21:12 UTC 2017
#39817: Confusing password strength behavior
------------------------------------+----------------------
Reporter: mgriesde | Owner:
Type: defect (bug) | Status: closed
Priority: normal | Milestone:
Component: Login and Registration | Version: 4.7.2
Severity: normal | Resolution: invalid
Keywords: | Focuses:
------------------------------------+----------------------
Changes (by jorbin):
* status: new => closed
* resolution: => invalid
* milestone: Awaiting Review =>
Comment:
Welcome to trac mgriesde. The Password strength meter works off of
entropy and estimated time to crack a password. Some of the internals are
a bit complicated which is why it can produce slightly unexpected results,
but essentially.
There is a great [https://www.usenix.org/conference/usenixsecurity16
/technical-sessions/presentation/wheeler Video and paper explaining the
password strength meter] from a security conference and a
[https://blogs.dropbox.com/tech/2012/04/zxcvbn-realistic-password-
strength-estimation/ introductory blog post about available as well]
The rule of thumb isn't some magic combination of numbers, letters, and
symbols but length and uniqueness. (relevant [https://xkcd.com/936/ XKCD]
I'm closing this as invalid since as far as I can tell, the password
strength meter is working as expected and there is no bug but feel free to
ask for further clarification and I'll help to the best of my time and
abilities.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39817#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list