WordPress.org

Make WordPress Core

Opened 13 years ago

Last modified 5 weeks ago

#9883 assigned enhancement

Password shows under Settings / Writing

Reported by: mastrup Owned by:
Milestone: 6.0 Priority: low
Severity: trivial Version: 2.7.1
Component: Administration Keywords: has-patch needs-testing has-testing-info
Focuses: ui, accessibility Cc:

Description (last modified by Denis-de-Bernardy)

The password box in the section "Post via e-mail" on Settings -> Writing should hide the password, not show it.

Attachments (2)

9883.diff (617 bytes) - added by wojtek.szkutnik 12 years ago.
9883 - PR 2070.gif (911.1 KB) - added by costdev 5 weeks ago.

Download all attachments as: .zip

Change History (27)

#1 @Denis-de-Bernardy
13 years ago

  • Keywords needs-patch added
  • Milestone changed from Unassigned to Future Release
  • Severity changed from normal to trivial

don't you mean the password over at settings / writing? If not, this is invalid -- that would have been added by a plugin.

#2 @ryan
13 years ago

  • Milestone Future Release deleted
  • Resolution set to invalid
  • Status changed from new to closed

I cant find the string 'Topics via e-mail' anywhere in WP. Please reopen with more information.

#3 @ryan
13 years ago

  • Milestone set to Future Release
  • Resolution invalid deleted
  • Status changed from closed to reopened

Ah, probably "Post via e-mail" on Settings -> Writing. Overlooked comment from Denis-de-Bernardy.

#4 @Denis-de-Bernardy
13 years ago

  • Description modified (diff)
  • Summary changed from Password to Password shows under Settings / Writing

#5 @Denis-de-Bernardy
13 years ago

  • Component changed from Security to UI
  • Milestone changed from Future Release to 2.9
  • Type changed from feature request to enhancement

#6 @bandonrandon
12 years ago

  • Cc bandonrandon@… added

This should be as simple as changing the input type from "text" to "password" which I can easily do and upload a patch. My question is because this is an admin only page and the user is theoretically setting the password for there "post via e-mail" do we want to either

a) enable an option to allow them to see the password if the checkbox is checked (ie,change the input type using jquary)

b) make the user confirm their password to make sure they typed the same thing twice and know their password

c) just change the input type and trust the user to not mess up their password and if they do they can always go back and type it again.

#7 @janeforshort
12 years ago

  • Milestone changed from 2.9 to Future Release

Punting due to schedule.

#8 @wojtek.szkutnik
12 years ago

  • Cc wojtek.szkutnik@… added

#9 @wojtek.szkutnik
12 years ago

a) is not very user-friendly for me
b) in my opinion password confirmations should be used for registration purposes only, when there's a bad user authentication data threat
I'd go with c), which is the best option out of the three simple solutions. However, one would expect a "check authentication data" button to make sure the login and password are valid.

#10 @wojtek.szkutnik
12 years ago

  • Cc wojtek.szkutnik@… removed
  • Keywords has-patch gsoc added; needs-patch removed

#11 @nacin
12 years ago

  • Keywords ux-feedback added

Seems sane to me.

#13 @dd32
12 years ago

I'm not sure emiting the password in the HTML and setting it as type="password" is going to be the best, I'm certain we'd see a "Password shown to hackers!11!1" type report in that case...

If anything, I'd like to see the field shown blank/greyed down with a message explaining it. Upon option save, it'll be possible to check to see if the value submitted is non-empty and different from the current one.

Of course, the other option is to do type=password & echo * and just prevent updating the password to that value..

#14 @dd32
12 years ago

at the same time, the password would be visible on options.php as well i believe.

#15 @wojtek.szkutnik
11 years ago

  • Cc wojtek.szkutnik@… added

#16 @sabreuse
9 years ago

  • Component changed from UI to Administration
  • Keywords ui-focus added; ux-feedback removed

See #22942 for discussion on deprecating and then removing Post By Email altogether: if that goes ahead, I don't think there will be much point in updating an interface that the majority of users won't see, and that hasn't caused complaints since this issue was raised. Until then, moving it as part of the UI cleanup.

#17 @SergeyBiryukov
9 years ago

Similar discussions for the installation screen: #3534, #5529.

The consensus was that the visible password allows the user to make sure it's typed correctly.

Last edited 9 years ago by SergeyBiryukov (previous) (diff)

#18 @ryan
8 years ago

  • Owner ryan deleted
  • Status changed from reopened to assigned

#19 @chriscct7
6 years ago

  • Keywords gsoc removed

#20 @SergeyBiryukov
5 years ago

#40402 was marked as a duplicate.

#21 @costdev
5 weeks ago

#54664 was marked as a duplicate.

#22 @costdev
5 weeks ago

Consensus on the open related ticket #3534 moved in the direction of a "Show/Hide" toggle for the password.

  • There are numerous examples of this in Core already, so it will not be a new experience for users.
  • As the screen in question is not for creating a password, but rather for entering a password that already exists an external service, there is no need to provide "Generate Password" functionality.
  • A "Show/Hide" toggle negates the need for a password confirmation field, as they can simply review the password by toggling the visibility.

#24 @costdev
5 weeks ago

  • Focuses accessibility added
  • Keywords needs-testing has-testing-info added
  • Marking as needs-testing.
  • Adding accessibility focus to verify that there are no regressions.

Testing instructions

  • Checkout PR 2070.
  • Build with npm run build or npm run build:dev, depending on your preferred test environment.
  • Navigate to Settings > Writing.
  • The password should be masked.
  • Click the "Show" button.
  • The password should be revealed and the "Show" button should now read "Hide".
  • Change the password.
  • Click "Save Changes".
  • The password should now be hidden.
  • Click the "Show" button.
  • The new password should now be visible.

#25 @costdev
5 weeks ago

  • Milestone changed from Future Release to 6.0

Milestoning for 6.0.

Similar tickets have consensus towards a solution and this ticket has been in the queue for way too long without resolution.

Note: See TracTickets for help on using tickets.