Password complexity verification flawed in WordPress 3.7

  • benjaminrwalsh

    (@benjaminrwalsh)


    11 years ago

    Attention WordPress developers:

    Password “padding” is a highly effective method for making complex passwords that are easy to remember. Consider the example password “88888KaT_88888” which registers as “weak” according to WordPress 3.7. That is NOT a weak password. It contains upper and lower case letters with symbols, and is over 14 characters long without any dictionary words!

    It is a pain to require ridiculously complex passwords — there’s no need for this. I don’t want to spend all day resetting and typing passwords when it’s completely unnecessary.

    WordPress 3.7’s password complexity check is flawed.

Viewing 16 replies (of 16 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    You’re using a hammer instead if a screwdriver in this case.

    WordPress isn’t a password management tool, it’s just trying to help stop the rampant abuse of passwords like 123456 and I wish I was exaggerating.

    Use 1Password or LastPass for good, secure, password storage and generation.

Viewing 16 replies (of 16 total)
  • The topic ‘Password complexity verification flawed in WordPress 3.7’ is closed to new replies.

Tags