Opened 9 years ago
Closed 8 years ago
#36287 closed defect (bug) (wontfix)
Password strength meter unreliable
| Reported by: | | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | 4.4.2 |
| Component: | General | Keywords: | close |
| Focuses: | | Cc: | |
Description
I'm using the WooCommerce plugin. I reached out to the plugin developer and they said they use WordPress's meter for password strength. https://wordpress.org/support/topic/password-strength-not-working
Following the password hints I've found it difficult to meet the medium strength password. I've not been able to get a 7 character password to pass. Sometimes the meter says the password is medium or strong and then after making the password longer it says it's weak.
One example of a password that was labeled weak: I used a random string of three letters with the first capitalized, then the @ symbol, followed by 3 numbers and an exclamation. According to the password tips this should be approved. In a password I had a string of three numbers and for some reason 194 was considered weak but 195 was medium. Then certain random strings of letters weren't approved either. I'm not seeing why these random entries are blacklisted.
Is there a way to adjust the settings for the password strength?
Hi @n13design, welcome to WordPress Trac!
Replying to n13design:
That would somewhat defeat the entire purpose if what constituted "strong" could be altered. A weak password is still weak even if you change the UI so it tells you it's strong. A seven character password is not considered strong due to its short length.
Note that WordPress' password strength meter uses the zxcvbn library from Dropbox, which is well trusted. You may want to take a read through the announcement post for zxcvbn for more details.
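An added example, not code from this ticket, WordPress, or zxcvbn: a simplified pattern-based guess estimator of the kind the reply above refers to, showing why a score can drop when a password gets longer and why short passwords stay low whatever character classes they mix. The dictionary, function names and sample passwords are constructed; the per-character brute-force cost and score boundaries are assumptions modelled on zxcvbn 4.x and may differ from the version a given WordPress release bundles.

```javascript
// Simplified guess estimator (illustration only; NOT zxcvbn's implementation).
// Constructed sample dictionary: word -> frequency rank (lower = more common).
const DICTIONARY = new Map([
  ["password", 2], ["pass", 50], ["word", 120], ["monkey", 15], ["dragon", 10],
]);
// Assumption: cost per unmatched character, modelled on zxcvbn 4.x.
const BRUTEFORCE_PER_CHAR = 10;
// Assumption: guess counts at which the score steps up, modelled on zxcvbn 4.x.
const SCORE_THRESHOLDS = [1e3, 1e6, 1e8, 1e10];

// Cheapest way for an attacker to cover the whole password, trying every
// split into dictionary words and unmatched single characters.
// best[i] = minimum guesses needed to cover the first i characters.
function estimateGuesses(password) {
  const lower = password.toLowerCase();
  const best = new Array(lower.length + 1).fill(Infinity);
  best[0] = 1;
  for (let end = 1; end <= lower.length; end++) {
    // Option 1: the last character matches no pattern and is brute-forced.
    best[end] = best[end - 1] * BRUTEFORCE_PER_CHAR;
    // Option 2: a dictionary word ends at this position.
    for (let start = 0; start < end; start++) {
      const rank = DICTIONARY.get(lower.slice(start, end));
      if (rank !== undefined) {
        best[end] = Math.min(best[end], best[start] * rank);
      }
    }
  }
  return best[lower.length];
}

// Score 0-4: the number of thresholds the guess estimate reaches.
function score(password) {
  const guesses = estimateGuesses(password);
  return SCORE_THRESHOLDS.filter((t) => guesses >= t).length;
}

// Constructed samples: adding one letter completes a common word and
// lowers the score; a 7-character mixed-class string is capped by length.
const samples = ["passwor", "password", "Qx7@kT!", "Qx7@kT!m2z"];
for (const p of samples) {
  console.log(p, estimateGuesses(p), score(p));
}
```

In this model the estimate follows the cheapest pattern an attacker could use, so composition hints (uppercase, symbol, digits) do not by themselves raise the score.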