WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 years ago

#39260 closed feature request (duplicate)

Password strength improvement

Reported by: ravinderk Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: javascript Cc:

Description

https://cloud.githubusercontent.com/assets/1784821/21086649/8551df02-c044-11e6-84b3-06af51abbc10.png

It seems WordPress currently measure password strength only on basis of password length. It can be stronger on basis of following credentials:

  1. Length ( nine will be ok)
  2. Uppercase case character ( one will be ok )
  3. Lowercase character
  4. Number
  5. A password should not be start and end with space.
  6. Special Character

Change History (3)

#1 follow-up: @dd32
3 years ago

Welcome back to Trac @ravinderk

We actually use Dropbox's zxcvbn library for the password strength meter, it does seems strange that demo demo demo is marked as strong though!

#2 in reply to: ↑ 1 @ravinderk
3 years ago

Replying to dd32:

Welcome back to Trac @ravinderk

We actually use Dropbox's zxcvbn library for the password strength meter, it does seems strange that demo demo demo is marked as strong though!

@dd32 Yes, that's strange.

#3 @pento
3 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed
  • Version 4.7 deleted

This was fixed in zxcvbn 3.5.0, WordPress uses 1.0.0.

We've been needing to update for a while, see #31647.

Note: See TracTickets for help on using tickets.