Password entry field doesn’t obfuscate your password

  • [ Moderator note: moved to How-to and Troubleshooting. ]

    Hi,

    I just created a WordPress account (through DreamHost’s “one-click install”). I received an email once the account was setup, and one of the first steps was to enter a password for the account. The link took me to the WordPress site with a simple form in the middle of the page. The form had one field — where you type your new password. My beef with the password field is two-fold:

    1) As you type a new password, it can be easily read by anyone looking at your screen, because it’s not obfuscated with asterisks or the like.
    2) The font-size in the text field is huge! Not only is the password plainly visible, it is plainly visible from across the room.

    My recommendation is that WordPress use the “type it twice” approach with obfuscated password fields. It’s used elsewhere on the site when a user wants to change their password, so why not use it when an account is created?

    Thanks!

    PS – I realize this could be an issue with DreamHost, but since the password entry was actually on a page on the WordPress domain, I thought it most likely wasn’t related to DreamHost.

Viewing 1 replies (of 1 total)
  • Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    It’s not just DreamHost. The way our current installer works is that it picks a random username for you and a password which it doesn’t save. So when you get the email, it has a link to click to change it and log in.

    That’s the page you’re looking at. And that is a default WordPress page.

    The reason it’s not hidden is so you can be sure of what you’re tying in, since there’s no confirmation or second password field. You know the one, enter twice?

    But that’s an interesting point… We could make that hidden and do the double up.

Viewing 1 replies (of 1 total)
  • The topic ‘Password entry field doesn’t obfuscate your password’ is closed to new replies.