WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 8 months ago

#18399 closed enhancement (duplicate)

Password Strength Meter should usually mark passwords that contain password as weak

Reported by: jorbin Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Users Keywords: has-patch
Focuses: Cc:

Description

Password (in human and l337 form) is a horrible password. Unless a password is really long, we should mark passwords that contain 'password' as weak.

Test Case : password123 returns Strong

Attachments (1)

password.patch (1.2 KB) - added by jorbin 3 years ago.

Download all attachments as: .zip

Change History (7)

jorbin3 years ago

comment:1 danielbachhuber3 years ago

  • Cc d@… added

comment:2 pavelevap3 years ago

  • Cc pavelevap@… added

And what about translation of "password" for other languages?

comment:3 follow-up: solarissmoke2 years ago

  • Keywords close added

What about all the other weak phrases that people might use? Like say using their username or qwerty or wordpress (I've seen it done) in the password? The strength meter is only a guide and the user should still use some common sense - we can only hold their hand so far.

comment:4 in reply to: ↑ 3 ericlewis20 months ago

  • Cc eric.andrew.lewis@… added

Replying to solarissmoke:

What about all the other weak phrases that people might use?

Perhaps we could include a list of the top 25 (more?) most common passwords, and return "Very Weak" for all of them? I'm not sure what the best compromise between security and code bloat would be here.

comment:6 DrewAPicture8 months ago

  • Keywords close removed
  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #21737.

Actually, closing as a duplicate.

Note: See TracTickets for help on using tickets.