[wp-trac] [WordPress Trac] #35817: Force users to set strong passwords
WordPress Trac
noreply at wordpress.org
Thu Feb 16 23:01:35 UTC 2023
#35817: Force users to set strong passwords
------------------------------------+------------------------------
 Reporter:  ericlewis               |       Owner:  (none)
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  Awaiting Review
Component:  Login and Registration  |     Version:
 Severity:  normal                  |  Resolution:
 Keywords:  2nd-opinion close       |     Focuses:  ui
------------------------------------+------------------------------
Comment (by jrchamp):
Systems should be "secure by default", not "secure when you install the
right plugin". If you agree that `Peter Wilson!` is a weak password, then
what we should be doing is increasing the baseline for what weak means. If
we're using zxcvbn scores, then nothing should be less than 4/4. Ideally,
we should take it one step further and use the guesses_log10 value instead
and encourage people to choose something 15+ or 20+. This GitHub page
makes those values visible: https://lowe.github.io/tryzxcvbn/
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35817#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
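
Added example, not part of the ticket comment or of WordPress core: why a zxcvbn score of 4/4 is a weaker gate than the `guesses_log10` threshold of 15 mentioned in the comment. The function names and the sample result objects are constructed for illustration; the score cut-offs are those of zxcvbn 4.x.

```javascript
// zxcvbn 4.x buckets its guess estimate into the 0-4 score with these
// cut-offs (plus a small delta), so score 4 begins at about 1e10 guesses.
const SCORE_CUTOFFS = [1e3, 1e6, 1e8, 1e10];
const DELTA = 5;

function scoreFromGuesses(guesses) {
  const idx = SCORE_CUTOFFS.findIndex((cutoff) => guesses < cutoff + DELTA);
  return idx === -1 ? 4 : idx;
}

// Hypothetical policy helper. `result` is the object zxcvbn(password) returns;
// only its `guesses` / `guesses_log10` fields are read.
function checkPassword(result, minLog10 = 15) {
  const hasLog = !!result && Number.isFinite(result.guesses_log10);
  const hasGuesses = !!result && Number.isFinite(result.guesses) && result.guesses > 0;
  if (!hasLog && !hasGuesses) {
    // Fail closed: no estimate means the password cannot be accepted.
    return { accepted: false, score: null, log10: null, reason: 'no guess estimate' };
  }
  const log10 = hasLog ? result.guesses_log10 : Math.log10(result.guesses);
  const guesses = hasGuesses ? result.guesses : Math.pow(10, log10);
  const score = scoreFromGuesses(guesses);
  const accepted = log10 >= minLog10;
  const reason = accepted
    ? 'meets guesses_log10 threshold'
    : `guesses_log10 ${log10.toFixed(1)} is below ${minLog10} (score ${score}/4)`;
  return { accepted, score, log10, reason };
}

// Constructed sample results (not real zxcvbn output for any real password).
const samples = [
  { label: 'score 4, log10 10.7', result: { guesses: Math.pow(10, 10.7), guesses_log10: 10.7 } },
  { label: 'score 4, log10 16.2', result: { guesses: Math.pow(10, 16.2), guesses_log10: 16.2 } },
  { label: 'guesses only', result: { guesses: 2.5e7 } },
  { label: 'no estimate', result: {} },
];

for (const { label, result } of samples) {
  const verdict = checkPassword(result);
  console.log(`${label}: ${verdict.accepted ? 'accept' : 'reject'} (${verdict.reason})`);
}
```

The first two samples both score 4/4, yet only the second clears the threshold of 15.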