#40275 closed enhancement (fixed)
Use a monospace-type font to display passwords
Reported by: | robdxw | Owned by: | ryelle |
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | 5.8 |
Component: | Users | Keywords: | good-first-bug needs-patch |
Focuses: | ui, css | Cc: |
Description
There are a number of places where passwords are echoed back to users e.g. in wp-activate.php when a user activates their account, or when a password is suggested when a user first registers.
Because these fields are generally displayed in Helvetica Neue or Arial, there is the potential for character confusion if a user transcribes their password, rather than copy-and-pasting. This would be eliminated by using a monospace-type font to display the password.
E.g. compare
lIo1O0loI
to
lIo1O0loI
Attachments (4)
Change History (15)
This ticket was mentioned in Slack in #core by noisysocks. View the logs.
5 years ago
#3
@
5 years ago
- Keywords good-first-bug added
- Milestone changed from Awaiting Review to Future Release
Sorry for the very slow response on this ticket!
It was brought up in triage today, and I think it's a great idea -- this seemed to be consensus in the meeting as well.
Moving it to Future Release, and adding good-first-bug
so that it gets a bit more visibility from folks.
#6
@
4 years ago
- Keywords needs-design-feedback removed
Looks good! Thanks for making a patch, good suggestion. What needs to be done here to ship this?
#7
@
4 years ago
- Milestone changed from Future Release to 5.8
This ticket has design feedback and an updated patch.
Adding it to the upcoming milestone.
#8
@
4 years ago
- Owner set to ryelle
- Resolution set to fixed
- Status changed from new to closed
In 50846:
#9
@
4 years ago
- Keywords needs-patch added; has-patch removed
- Resolution fixed deleted
- Status changed from closed to reopened
- Version set to trunk
While I agree, formatting the password input field with a monospace font makes it by far more readable, I believe it would be easier to add the existing class code
to the input-field in file https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-new.php (line 637)
<input type="password" name="pass1" id="pass1" class="regular-text code" value="" autocomplete="off" data-pw="<?php echo esc_attr( wp_generate_password( 24 ) ); ?>" aria-describedby="pass-strength-result" />
and in https://core.trac.wordpress.org/browser/trunk/src/wp-admin/user-edit.php (line 567):
<input type="password" name="pass1" id="pass1" class="regular-text code" autocomplete="off" data-reveal="1" data-pw="<?php echo esc_attr( $initial_password ); ?>" aria-describedby="pass-strength-result" />
The class .code
was already defined in file https://core.trac.wordpress.org/browser/trunk/src/wp-admin/css/install.css (line 53).
Certainly not a big difference, but redeclaring a css rule seems redundant to me.
(Sorry for not providing a patch. Haven't done that since ages and feel somewhat clueless if it comes to SVN.)
#10
@
4 years ago
- Resolution set to fixed
- Status changed from reopened to closed
I'm going to close this out again as we're just about ready to package 5.8 RC1 and this would be a relatively minor change that is not a blocker for that to happen.
If a committer feels like this should be addressed prior to 5.8's release, they can reopen and make the change. If there's more sentiment that the new suggestion should be applied, but it can wait for 5.8.1 or 5.9, let's open a new ticket.
Example on user profile age.