Use a monospace-type font to display passwords

[robdxw]

There are a number of places where passwords are echoed back to users e.g. in wp-activate.php when a user activates their account, or when a password is suggested when a user first registers.

Because these fields are generally displayed in Helvetica Neue or Arial, there is the potential for character confusion if a user transcribes their password, rather than copy-and-pasting. This would be eliminated by using a monospace-type font to display the password.

E.g. compare

lIo1O0loI

to

lIo1O0loI

[robdxw]

Example on user profile age.

[mikeschroder]

Sorry for the very slow response on this ticket!

It was brought up in triage today, and I think it's a great idea -- this seemed to be consensus in the meeting as well.

Moving it to Future Release, and adding good-first-bug so that it gets a bit more visibility from folks.

[utz119]

The monospace font has been added to the password field.

[hedgefield]

Looks good! Thanks for making a patch, good suggestion. What needs to be done here to ship this?

[Hareesh Pillai]

Patch updated against trunk

[Hareesh Pillai]

This ticket has design feedback and an updated patch.
Adding it to the upcoming milestone.

[ryelle]

In 50846:

Login, Users: Use a monospace font to display passwords.

When typing a password, the input field should use a monospace font. It's easier to distinguish letters in monospace fonts, which makes it easier to accurately read passwords.

Props robdxw, utz119, hedgefield, hareesh-pillai.
Fixes #40275.

[pixolin]

While I agree, formatting the password input field with a monospace font makes it by far more readable, I believe it would be easier to add the existing class code to the input-field in file https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-new.php (line 637)

<input type="password" name="pass1" id="pass1" class="regular-text code" value="" autocomplete="off" data-pw="<?php echo esc_attr( wp_generate_password( 24 ) ); ?>" aria-describedby="pass-strength-result" />

and in https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-edit.php (line 567):

<input type="password" name="pass1" id="pass1" class="regular-text code" autocomplete="off" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />

The class .code was already defined in file https://core.trac.wordpress.org/browser/trunk/src/wp-admin/css/install.css (line 53).

Certainly not a big difference, but redeclaring a css rule seems redundant to me.

(Sorry for not providing a patch. Haven't done that since ages and feel somewhat clueless if it comes to SVN.)

[desrosj]

I'm going to close this out again as we're just about ready to package 5.8 RC1 and this would be a relatively minor change that is not a blocker for that to happen.

If a committer feels like this should be addressed prior to 5.8's release, they can reopen and make the change. If there's more sentiment that the new suggestion should be applied, but it can wait for 5.8.1 or 5.9, let's open a new ticket.

[pixolin]

Honestly, I wasn't even sure if reopening the ticket was the right thing to do. Since my objection here is a banality, I fully understand that it is not being given priority. Perhaps it can be accommodated in a future release.

Thank you for your kind attention.