WordPress.org

Make WordPress Core

Opened 12 years ago

Closed 11 years ago

#13324 closed enhancement (fixed)

Limit auto-generated passwords to alphanumeric chars for usability (from wp-hackers)

Reported by: jeremyclarke Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch commit
Focuses: Cc:

Description

On WP-Hackers a change to the auto-generated passwords was proposed. The passwords should only contain letters and numbers (including uppercase) so that people don't get freaked out by them. The current passwords are also unnecessarily hard to copy/paste because the non-alphanumeric characters foil the click-to-select features of Mac OSX if not other operating systems as well.

Thread URL:
http://groups.google.com/group/wp-hackers/browse_thread/thread/b1ab78c2b54572c2#

Ma.tt supports the change and unless someone has a really good argument I think it should be implemented after 3.0 is launched.

On a theoretical level this change will make passwords slightly less secure but the difference is probably not something that will affect anyone. It may actually increase the likelihood of secure passwords since users will be less likely to change their password immediately if its something they actually know how to type!

I am traveling right now and can't make a patch but Otto already figured out what is needed:

That would be basically a simple 1 line patch.

In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();

To this:
$new_pass = wp_generate_password(12,false);

A similar change can be made in register_new_user() if you want to
affect how new user password's look.

Attachments (1)

13324.2.diff (4.1 KB) - added by Otto42 12 years ago.
Patch that changes everywhere a new user is created

Download all attachments as: .zip

Change History (8)

@Otto42
12 years ago

Patch that changes everywhere a new user is created

#2 @Otto42
12 years ago

Attached a patch that changes pretty much everywhere I could find that creates a new user.

#3 @scribu
12 years ago

  • Keywords has-patch added

#4 @demetris
12 years ago

  • Cc dkikizas@… added

#5 @nacin
11 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Triage to 3.1

#6 @nacin
11 years ago

  • Component changed from Accessibility to Administration

Moving this off a11y.

#7 @westi
11 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [16284]) Generate Human Readable passwords as they are much more userfriendly. Fixes #13324 props Otto42.

Note: See TracTickets for help on using tickets.