[wp-trac] [WordPress Trac] #57734: 9 chars instead of 12 in wp_get_password_hint()
WordPress Trac
noreply at wordpress.org
Thu Feb 16 12:39:22 UTC 2023
#57734: 9 chars instead of 12 in wp_get_password_hint()
------------------------------------+-----------------------------
Reporter: drelkata | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Keywords: has-patch
Focuses: ui |
------------------------------------+-----------------------------
Wordpress uses zxcvbn to check password strengths and sets the minimum
required strength to 3. wp_get_password_hint() mistakenly informs the user
that a minimum password length of is 12 needed, when a length of 9 is
actually being accepted.
I know that the hint wording uses ''should'' and not ''must'', but
WooCommerce, for instance, only shows the hint when your password strength
is < 3, thus leading our users into believing they needed at least 12
characters and being confused when they managed to register with their
shorter passwords. Minimum length of 12 for passwords is a good practice,
of course, but the wording for the hint can easily be confused for an
outright requirement.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/57734>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list