[wp-trac] [WordPress Trac] #40234: Do not allow weak passwords

WordPress Trac noreply at wordpress.org
Wed Mar 22 09:56:04 UTC 2017


#40234: Do not allow weak passwords
-------------------------+-----------------------------
 Reporter:  robdxw       |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Security     |    Version:  4.7
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 As noted previously (https://core.trac.wordpress.org/ticket/21737), people
 are notoriously bad at choosing secure passwords. And passwords protect
 not only the integrity of the individual account but also the integrity of
 the system as a whole.

 Therefore, allowing users to set weak passwords (even if they are nagged
 for doing so) compromises the security of any site that is running
 WordPress with the default password settings.

 This could be mitigated by simply not allowing passwords that do not meet
 at minimum the "medium" strength requirements, or at least providing a
 site or network-wide checkbox setting to enforce such a policy.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40234>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list