WordPress.org

Make WordPress Core

Opened 7 years ago

Closed 6 years ago

#13324 closed enhancement (fixed)

Limit auto-generated passwords to alphanumeric chars for usability (from wp-hackers)

Reported by: jeremyclarke Owned by:
Milestone: 3.1 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch commit
Focuses: Cc:

Description

On WP-Hackers a change to the auto-generated passwords was proposed. The passwords should only contain letters and numbers (including uppercase) so that people don't get freaked out by them. The current passwords are also unnecessarily hard to copy/paste because the non-alphanumeric characters foil the click-to-select features of Mac OSX if not other operating systems as well.

Thread URL:
http://groups.google.com/group/wp-hackers/browse_thread/thread/b1ab78c2b54572c2#

Ma.tt supports the change and unless someone has a really good argument I think it should be implemented after 3.0 is launched.

On a theoretical level this change will make passwords slightly less secure but the difference is probably not something that will affect anyone. It may actually increase the likelihood of secure passwords since users will be less likely to change their password immediately if its something they actually know how to type!

I am traveling right now and can't make a patch but Otto already figured out what is needed:

That would be basically a simple 1 line patch.

In wp-login.php, in reset_password(), change this:
$new_pass = wp_generate_password();

To this:
$new_pass = wp_generate_password(12,false);

A similar change can be made in register_new_user() if you want to
affect how new user password's look.

Attachments (1)

13324.2.diff (4.1 KB) - added by Otto42 7 years ago.
Patch that changes everywhere a new user is created

Download all attachments as: .zip

Change History (8)

@Otto42
7 years ago

Patch that changes everywhere a new user is created

#2 @Otto42
7 years ago

Attached a patch that changes pretty much everywhere I could find that creates a new user.

#3 @scribu
7 years ago

  • Keywords has-patch added

#4 @demetris
7 years ago

  • Cc dkikizas@… added

#5 @nacin
6 years ago

  • Keywords commit added
  • Milestone changed from Awaiting Triage to 3.1

#6 @nacin
6 years ago

  • Component changed from Accessibility to Administration

Moving this off a11y.

#7 @westi
6 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [16284]) Generate Human Readable passwords as they are much more userfriendly. Fixes #13324 props Otto42.

Note: See TracTickets for help on using tickets.