Make WordPress Core

Opened 16 months ago

Last modified 3 months ago

#57540 new enhancement

make WordPress password management more “understandable”?

Reported by: ludovicsclain
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version: 6.1.1
Component: Login and Registration
Keywords:
Focuses:
Cc:

Description

Hey there 👋
I’m not sure I’m in the right place to suggest something but here I go:
Are there plans to make WordPress password management more “understandable”?

Let me explain:
When my users need to change their password (after a lost password or an expiration), the “Save password” is confusing; most forget to copy/paste this password somewhere and understand that the password has been saved.

https://markuphero.com/share/N8RP1UaE0rIYXih6TxiI

If in addition the user is used to having his browser save his passwords, the confusion is even greater: the user clicks on “Save password”, returns to the login page, the browser automatically fills in the fields (with the old password) and obviously… login failure!

I use cPanel and just had to create a new database, and I find the user experience more explicit: I have a “Password generator” button and then a mandatory checkbox “I have copied this password in a safe place.” then finally a “Use password”.

What do you think? Am I the only one who thinks these steps deserve a better UX? 😬

Change History (2)

#1 follow-up: @georgestephanis
3 months ago

  • Component changed from Application Passwords to Login and Registration

I think this may have gotten lost in the Application Passwords component -- when this (by my reading) is intending to address actual password change flow.

I'm adjusting it to the "Users / Login and Registration" component, which I believe would be the relevant place for discussing user password change flows.

I believe that generally when a password field is submitted to the site with a different password than a password manager expects, it will kick off a flow in a password manager to update the existing password, but it could vary based on the password manager being used.

I'd be curious to see a "proof of concept" plugin for an improved, more explicit flow, to serve as a proposal for this iteration in core!

#2 in reply to: ↑ 1 @ludovicsclain
3 months ago

Replying to georgestephanis:

> I think this may have gotten lost in the Application Passwords component -- when this (by my reading) is intending to address actual password change flow.
>
> I'm adjusting it to the "Users / Login and Registration" component, which I believe would be the relevant place for discussing user password change flows.
>
> I believe that generally when a password field is submitted to the site with a different password than a password manager expects, it will kick off a flow in a password manager to update the existing password, but it could vary based on the password manager being used.
>
> I'd be curious to see a "proof of concept" plugin for an improved, more explicit flow, to serve as a proposal for this iteration in core!

Thank you @georgestephanis for considering my request. I can indeed think of a plugin improving all of this, but by doing some research I realize that solutions have already been mentioned on other tickets but that they have not been followed:

https://core.trac.wordpress.org/ticket/39638#comment:23

Notably when @estelaris explains that his host implemented the way cPanel manages passwords in WordPress, this is the direction I was proposing.
