Weak password, general message?

  • Hi,

    QS1:

    When activating your plugin I get:

    You have not asked your users to change their passwords since the plugin was activated. Most users have weak passwords. This plugin’s password policies protect your site from brute force attacks. Please improve security for everyone on the Internet by making all users pick new, strong, passwords.

    Is this just a general message, or does your plugin really know that my users have weak passwords? I can’t see the passwords they use, so I’m asking… because how can your plugin then decide it are weak passwords?

    QS2:

    I let my customer register themselves with Formidable Registration plugin. This plugin generates a password itself, which I figured out is not ‘strong’ enough considering your plugin.

    Do you offer other plugin developers a tool/API or something like that so they can confirm to your ‘password strenght guidelines’?

    Kind regards,

    Willem

    https://www.ads-software.com/plugins/login-security-solution/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Thread Starter Willem-Siebe

    (@siebje)

    Hi,

    QS3

    I don’t understand the difference between these options:

    Should multiple failure notifications be sent to the administrators?
    No, just notify them the first time that x matching login failures happen.
    Yes, notify them upon every x matching login failures.

    Plugin Author Daniel Convissor

    (@convissor)

    1) It’s a general message.

    2) Hmm. Guess I could add a hook that runs the login_security_solution::validate_pw() method or see if WP already has one.

    3) If your failure level is set to 50, the “No” option notifies you at 50 failures and that’s it while the “Yes” option notifies you at 50, 100, 150, etc.

    Thread Starter Willem-Siebe

    (@siebje)

    Hi Daniel,

    Thanks for the answers. Any more info about QS 2 and your plans?

    Kind regards,

    Willem

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Weak password, general message?’ is closed to new replies.