Make WordPress Core

Opened 6 years ago

Closed 6 years ago

#40234 closed enhancement (duplicate)

Do not allow weak passwords

Reported by: robdxw
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.3
Component: Security
Keywords: 2nd-opinion ux-feedback
Focuses:
Cc:

Description (last modified by SergeyBiryukov)

As noted previously (#21737), people are notoriously bad at choosing secure passwords. And passwords protect not only the integrity of the individual account but also the integrity of the system as a whole.

Therefore, allowing users to set weak passwords (even if they are nagged for doing so) compromises the security of any site that is running WordPress with the default password settings.

This could be mitigated by simply not allowing passwords that do not meet at minimum the "medium" strength requirements, or at least providing a site or network-wide checkbox setting to enforce such a policy.

Change History (8)

#1 @johnbillion
6 years ago

  • Keywords 2nd-opinion ux-feedback added
  • Version changed from 4.7 to 4.3

#2 @SergeyBiryukov
6 years ago

  • Description modified (diff)

#3 @lukecavanagh
6 years ago

I am all for being able to set a site-wide option to set the password strength to at least medium strength for all users on the site.

#5 @iandunn
6 years ago

I think something like this can easily backfire if it's not done very thoughtfully, and from a user-first perspective. Anything that places too high a burden on the average user will just push them to use insecure workarounds to relieve that burden, like writing the password down on a post-it note stuck to their monitor.

I agree with Jeff Atwood's recent article on the topic, which seems to be in line with WordPress' general philosophy. He references NIST's latest recommendations to back up his argument. His conclusion was that the only rule that is effective and user-friendly is length.

If we are going to add any hard rules, then I think it might be helpful to first educate users about the reasons why strong passwords are important, and offer easy ways for them to use them (#40237). That way they'll be more likely to be receptive to any rules.

#6 @jrchamp
6 years ago

@iandunn zxcvbn, which is used for the password strength meter, does not have "rules" so much as "strength" levels that are based on the amount of entropy that they call "guesses". The current version (included in 4.8) has an option to surface specific, helpful information about why weak passwords are considered weak. It can also make some simple suggestions on how to make it better. I don't believe this new functionality is being used in 4.8, but I might be mistaken.
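As an added illustration of the two ideas above (the ticket's proposal to refuse anything below "Medium", and comment #6's point that zxcvbn grades passwords by estimated guesses and can say why a given one is weak), here is a toy guess estimator plus a policy check in JavaScript. It is not WordPress or zxcvbn code: the mini dictionary, the feedback strings, the 43-character suffix alphabet and the score-to-label mapping (scores 0 and 1 "Very weak", 2 "Weak", 3 "Medium", 4 "Strong") are assumptions made for the example, and the fallback of 10 guesses per character is my recollection of zxcvbn's brute-force default rather than something this page states.

```javascript
// Added example (not WordPress or zxcvbn code): a toy guess-count estimator in
// the spirit of zxcvbn, and a policy check that rejects anything scoring below
// the WordPress meter's "Medium" label. Dictionary, feedback strings, suffix
// alphabet and label mapping are constructed here for illustration only.

// Constructed mini dictionary, most common first (rank = index + 1).
const COMMON_PASSWORDS = ['123456', 'password', 'qwerty', 'letmein', 'welcome', 'admin'];

// zxcvbn buckets by estimated guesses: 0 <1e3, 1 <1e6, 2 <1e8, 3 <1e10, 4 >=1e10.
const GUESS_THRESHOLDS = [1e3, 1e6, 1e8, 1e10];

// Assumed mapping from zxcvbn score (0-4) to the labels the WordPress meter shows.
const WP_LABELS = ['Very weak', 'Very weak', 'Weak', 'Medium', 'Strong'];

// Fallback for text no pattern explains: 10 guesses per character
// (assumption: this mirrors zxcvbn's brute-force cardinality).
const BRUTEFORCE_PER_CHAR = 10;
// Digits plus the symbols a "password1!"-style suffix is usually drawn from (assumed).
const SUFFIX_ALPHABET = 43;

function dictionaryMatch(password) {
  const lower = password.toLowerCase();
  const stem = lower.replace(/[0-9!@#$%^&*]+$/, '');   // drop a trailing "1!"-style suffix
  for (const candidate of [lower, stem]) {
    const rank = COMMON_PASSWORDS.indexOf(candidate);
    if (candidate === '' || rank === -1) continue;
    const suffixLen = lower.length - candidate.length;
    const capitalised = password !== lower;
    // An attacker tries the ranked word, then its capitalisation variants, then suffixes.
    const guesses = (rank + 1) * (capitalised ? 2 : 1) * Math.pow(SUFFIX_ALPHABET, suffixLen);
    const feedback = ['This is a very commonly used password.'];
    if (capitalised) feedback.push('Capitalising a common word barely helps.');
    if (suffixLen > 0) feedback.push('Adding digits or symbols to a common word barely helps.');
    return { guesses, feedback };
  }
  return null;
}

function repeatMatch(password) {
  const m = password.match(/^(.+?)\1+$/);   // shortest unit that tiles the whole string
  if (!m) return null;
  const unit = m[1];
  const times = password.length / unit.length;
  // Guess the unit, then how many times it repeats.
  const guesses = Math.pow(BRUTEFORCE_PER_CHAR, unit.length) * times;
  return { guesses, feedback: [`Repeats like "${unit}${unit}" are only slightly harder to guess than "${unit}".`] };
}

function estimateStrength(password) {
  const match = dictionaryMatch(password) || repeatMatch(password) || {
    guesses: Math.pow(BRUTEFORCE_PER_CHAR, password.length),
    feedback: password.length < 12 ? ['Add another word or a few more characters; length helps most.'] : [],
  };
  // Score = number of thresholds the guess estimate reaches.
  const score = GUESS_THRESHOLDS.filter((t) => match.guesses >= t).length;
  return { guesses: match.guesses, score, label: WP_LABELS[score], feedback: match.feedback };
}

// The policy the ticket asks for: refuse anything weaker than a chosen label.
function checkPasswordPolicy(password, minLabel = 'Medium') {
  const minScore = WP_LABELS.indexOf(minLabel);
  const result = estimateStrength(password);
  const ok = result.score >= minScore;
  const message = ok ? null
    : `Password strength is "${result.label}"; at least "${minLabel}" is required. ${result.feedback.join(' ')}`;
  return { ok, message, ...result };
}

// Sample run over constructed inputs.
for (const pw of ['password', 'Password1!', 'abcabcabc', 'x7$Qm2!p', 'correct horse battery staple']) {
  const r = checkPasswordPolicy(pw);
  console.log(JSON.stringify(pw), r.score, r.label, r.ok ? 'accepted' : r.message);
}
```

The sample loop shows why "rules" and "strength levels" differ: "Password1!" satisfies every classic composition rule yet stays "Very weak" (a ranked word times a small suffix space), "abcabcabc" is barely better than "abc", and the 8-character random string lands exactly on the "Medium" boundary while a passphrase scores "Strong" on length alone. Real zxcvbn also finds dictionary words inside longer strings, l33t substitutions, keyboard walks and dates, which this toy skips, so it over-rates the passphrase. Whatever estimator is used, the check has to run on the server as well as in the browser: the JavaScript meter is advisory and can simply be bypassed by posting the form directly.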

#8 @SergeyBiryukov
6 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Appears to be a duplicate of #35817, let's continue the discussion in that ticket.
