benjaminsumner

Have you heard the argument of writing it down on a piece of paper as opposed to on the Web or a computer?

I was talking about a piece of paper. But even that is an office no-no. Lock it up? Sure. But remember who the users are – dozens of contributors in an office, some in their 70s. Not easy to enforce.

I wouldn’t rely on your successful experience of weak passwords, weak passwords in general are easier to discover.

‘password’ or ‘12345’ is a ‘weak’ password. Now, WordPress thinks aL123sk!#1 is a weak password, though it used to show as strong. Quite a jump.

Is that happening with the new update of WordPress or something? I’m asking because I don’t know if WordPress forces you as I can’t remember being forced to do this.

Depending on the configuration, it can. Regardless, considering the client, telling them that aL123sk!#1 is a weak password is essentially telling them to try again. Confusion. Forgotten passwords. Lost productivity. More work. Not good.

so they may overrule dislike from its users if the resulting change does more good than harm.

That’s actually refreshing to hear. Got a hard enough time getting folks to remember minimum 10-character passwords with at least one of each upper/#/special character. But definitely looking for alternatives in the meantime as to not confuse folks by telling them aL123sk!#1 is weak and therefore unacceptable.

The new criteria for ‘strong’ password on 3.7.1 is something with such complexity that it can’t be easy to remember. If it’s not easy to remember, it gets written down in plain sight. If it gets written down in plain sight, it’s not ‘strong’ at all, now, is it? Does the software take that into account with its grading system? Nope. Now, imagine managing dozens of contributors and requiring them to succumb to this. Admins would be unlocking accounts and resetting passwords all day. It would be a nightmare.

www.ads-software.com and password security folks can defend the ‘strong’ criteria all they want, but this change will definitely cause confusion and far more work for a lot of people. And no, not a single one of these accounts had been hacked with these so-called ‘weak’ passwords.

Late last night a friend figured it out. This might be helpful:

The latest versions of NextGen Gallery had been giving us problems lately, so we downgraded. But apparently, we didn’t downgrade far enough, because somehow, THAT was affecting the TablePress (relates to our theme as well).

Putting NextGen Gallery Version 1.9.13 back literally solved the entire issue!

Sorry to bring this up so soon before we figured it out but hoping this will help others!