[wp-trac] [WordPress Trac] #40234: Do not allow weak passwords
WordPress Trac
noreply at wordpress.org
Wed Mar 22 09:56:04 UTC 2017
#40234: Do not allow weak passwords
-------------------------+-----------------------------
Reporter: robdxw | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Security | Version: 4.7
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
As noted previously (https://core.trac.wordpress.org/ticket/21737), people
are notoriously bad at choosing secure passwords. And passwords protect
not only the integrity of the individual account but also the integrity of
the system as a whole.
Therefore, allowing users to set weak passwords (even if they are nagged
for doing so) compromises the security of any site that is running
WordPress with the default password settings.
This could be mitigated by simply not allowing passwords that do not meet
at minimum the "medium" strength requirements, or at least providing a
site or network-wide checkbox setting to enforce such a policy.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/40234>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list