Limit auto-generated passwords to alphanumeric chars for usability (from wp-hackers)
|Reported by:||jeremyclarke||Owned by:|
On WP-Hackers a change to the auto-generated passwords was proposed. The passwords should only contain letters and numbers (including uppercase) so that people don't get freaked out by them. The current passwords are also unnecessarily hard to copy/paste because the non-alphanumeric characters foil the click-to-select features of Mac OSX if not other operating systems as well.
Ma.tt supports the change and unless someone has a really good argument I think it should be implemented after 3.0 is launched.
On a theoretical level this change will make passwords slightly less secure but the difference is probably not something that will affect anyone. It may actually increase the likelihood of secure passwords since users will be less likely to change their password immediately if its something they actually know how to type!
I am traveling right now and can't make a patch but Otto already figured out what is needed:
That would be basically a simple 1 line patch. In wp-login.php, in reset_password(), change this: $new_pass = wp_generate_password(); To this: $new_pass = wp_generate_password(12,false); A similar change can be made in register_new_user() if you want to affect how new user password's look.