[wp-trac] [WordPress Trac] #35817: Force users to set strong passwords
WordPress Trac
noreply at wordpress.org
Thu Feb 16 22:40:47 UTC 2023
#35817: Force users to set strong passwords
------------------------------------+------------------------------
Reporter: ericlewis | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Login and Registration | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion close | Focuses: ui
------------------------------------+------------------------------
Changes (by peterwilsoncc):
* keywords: 2nd-opinion => 2nd-opinion close
* component: Administration => Login and Registration
Comment:
I think the lack of progress on this ticket indicates enforcing password
strengths in WordPress is unlikely to be implimented.
A part of the problem is that it's difficult to determine what is `weak`
via algorithm alone. It's possible a false sense of security will be given
to users by enforcing strong passwords that actually are not. For example,
setting up an account with the username `peterwilsoncc`, I was able to
remove the weak password warnings with the passwords `Peter Wilson!` and
`peterwilsonseasea`, both of which a human would consider weak.
I suggest this ticket be closed and enforcing minimum strength passwords
remain plugin territory.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35817#comment:19>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list