Users should have to jump through hoops to set passwords of their choosing, and we should guard better against weak passwords
Reported by: markjaquith
Owned by: westi
Cc: xoodrew@…, bananastalktome@…, danielc@…, info@…, daryl@…, manishkrag@…, DeanMarkTaylor, cbraddoss, ian_dunn@…, ipstenu@…, erick@…, brad@…, chris@…
People are terrible at choosing secure, unique, complex, unguessable passwords. Unless someone is using a password storage system, the chances are good that the passwords they're choosing are really weak.
We can mitigate this problem.
- Let's make the default to always be that WordPress picks a password for you. When installing WordPress, or when creating a new user account, or when changing your password on your profile. The default should be that we generate a secure password for the user. They can remember it, write it down (not ideal, but generally more secure than choosing a weak password), or copy and use it once, check the "remember me" box, and not worry about it until their cookie expires on that computer.
- If they do opt to manually create a password, we need to do better than our current password strength meter. And the lowest level should actually nag them with an AYS before they proceed. I suggest the following, to start, which would trigger the lowest level, and cause them to have to dismiss a warning (or check a checkbox... UI TBD) before continuing:
- compare the strtolower'd version of their password to strtolower'd versions of all their info (username, first/last name, part of e-mail address before the @, etc).
- any password that is shorter than 8 characters
- a blacklist of popular passwords (these lists are available... even grabbing the top 100 would give us good coverage)
- 3 or more consecutive digits ("123456" and company are very popular)
- anything that looks like a date
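The five proposed lowest-tier checks, implemented as one pure function so the UI can decide whether to show the "are you sure" warning. This is an added example for illustration, not WordPress code from this ticket; the `COMMON_PASSWORDS` set is a constructed stand-in for a real top-100 list, and the date formats are an assumed selection.

```python
import re
from datetime import datetime

# Constructed stand-in for the "top 100 popular passwords" blacklist the ticket proposes.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "abc123", "welcome"}

# Assumed set of date layouts to recognise; extend as needed.
DATE_FORMATS = ("%Y%m%d", "%d%m%Y", "%m%d%Y", "%Y-%m-%d", "%d-%m-%Y", "%m-%d-%Y",
                "%Y/%m/%d", "%d/%m/%Y", "%m/%d/%Y", "%d.%m.%Y", "%m%d%y", "%d%m%y")


def looks_like_date(candidate):
    """True if the whole string, or a digit/separator run inside it, parses as a calendar date."""
    pieces = {candidate} | set(re.findall(r"[0-9][0-9./-]{5,9}", candidate))
    for piece in pieces:
        for fmt in DATE_FORMATS:
            try:
                datetime.strptime(piece, fmt)
                return True
            except ValueError:
                continue
    return False


def weak_password_reasons(password, username="", first_name="", last_name="", email=""):
    """Return every reason the candidate trips the lowest strength tier (empty list = none)."""
    reasons = []
    lowered = password.lower()
    # 1. Case-insensitive comparison against the user's own data (local part of e-mail only).
    personal = [username, first_name, last_name, email.split("@", 1)[0]]
    for item in (p.lower() for p in personal):
        if item and (item in lowered or lowered in item):
            reasons.append(f"contains personal information ({item!r})")
            break
    # 2. Minimum length.
    if len(password) < 8:
        reasons.append("shorter than 8 characters")
    # 3. Popular-password blacklist.
    if lowered in COMMON_PASSWORDS:
        reasons.append("on the common-password blacklist")
    # 4. Three or more consecutive digits ("123456" and friends).
    if re.search(r"\d{3,}", password):
        reasons.append("contains 3 or more consecutive digits")
    # 5. Anything that looks like a date (birthdays are a favourite).
    if looks_like_date(password):
        reasons.append("looks like a date")
    return reasons
```

A non-empty return value is what would trigger the AYS prompt; the strings are meant to be shown to the user so they know which rule they hit.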