Strong password filter?

  • Resolved therealgilles

    (@chamois_blanc)


    3 years, 10 months ago

    Hello,

    It would be great if there was a filter available for the strong_pass function so that requirements can be easily customized.

    Additionally I think there is an issue with the password length requirements hardcoded in some of the forms, instead of relying on the min/max numbers specified in the forms, here:

    
wp-content/plugins/ultimate-member/includes/core/class-password.php:
				if ( strlen( utf8_decode( $args['user_password'] ) ) < 8 ) {

wp-content/plugins/ultimate-member/includes/core/um-actions-account.php:
						if ( strlen( utf8_decode( $_POST['user_password'] ) ) < 8 ) {

    Let me know if I got that wrong.

    PS: The notion of strong password having to contain numbers and non-alphanumeric characters has been debunked by security experts. The only parameter that counts for a password to be considered “strong” is its length. Therefore it would be great to have an option that just relies on password length and allows a length greater than 30 characters, maybe something like 64 at least.

    I appreciate all the work put in for this plugin ??

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Strong password filter?’ is closed to new replies.