id	summary	reporter	owner	description	type	status	priority	milestone	component	version	severity	resolution	keywords	cc
13324	Limit auto-generated passwords to alphanumeric chars for usability (from wp-hackers)	jeremyclarke		"On WP-Hackers a change to the auto-generated passwords was proposed. The passwords should only contain letters and numbers (including uppercase) so that people don't get freaked out by them. The current passwords are also unnecessarily hard to copy/paste because the non-alphanumeric characters foil the click-to-select features of Mac OSX if not other operating systems as well.

Thread URL:
http://groups.google.com/group/wp-hackers/browse_thread/thread/b1ab78c2b54572c2#

Ma.tt supports the change and unless someone has a really good argument I think it should be implemented after 3.0 is launched. 

On a theoretical level this change will make passwords slightly less secure but the difference is probably not something that will affect anyone. It may actually increase the likelihood of secure passwords since users will be less likely to change their password immediately if its something they actually know how to type!

I am traveling right now and can't make a patch but Otto already figured out what is needed:

{{{
That would be basically a simple 1 line patch.

In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();

To this:
$new_pass = wp_generate_password(12,false);

A similar change can be made in register_new_user() if you want to
affect how new user password's look.
}}}






"	enhancement	closed	normal	3.1	Administration		normal	fixed	has-patch commit	jeremyclarke dkikizas@…