Default Easy Password

  • rocketmarketing

    (@rocketmarketing)


    8 years ago

    Hello everybody!

    I have a WP site where doctors have an account created for them along with a password. I am receiving a ton of complaints about the password being to hard to use. Yes they can change it, but for them to spend time to figure it out won’t happen.

    The default passwords look something like this…. V14&*oi#$45jk!@””D44. There is no way in the world for these doctors to be able to figure out how to type that. Many of these doctors have simply stopped using the site.

    The number one rule in UX is to meet user expectations. This does not meet user expectations.

    The fix. All automatically passwords should be generated like this.
    Color, Thing, Verb, 3 digit Number, Symbol. An no fancy symbols. Just the top row of the numbers on the keyboard.

    BlueWagonSupporting556!

    Thanks,

    Steve

Viewing 2 replies - 1 through 2 (of 2 total)
  • catacaustic

    (@catacaustic)

    Setting default passwordsas you’ve suggested is pretty insecure. If it was done like that there’s only a small (in relative terms) amount of possible passwords that would be available, so cracking them would be trivial these days.

    The symbols are there for a reason – they do make password harder, both to crack and to remember.

    And to be honest, if someone that’s smart enough to get a dotorate cant figure out how to update their password through a few basic links, there’s more problems then just usability.

    But, if you do need easier passwords, the best idea is to create the accounts manually. That way you can set whatever passwords you want to.

    Moderator cubecolour

    (@numeeja)

    There’s a good idea for strong but memorable passwords in the XKCD comic at https://xkcd.com/936/

    I’ve put together a simple plugin to filter the replace the default random password generator with a XKCD style password generator using the server’s dictionary words list.

    This plugin needs a readme & some additional testing before I submit it to the plugins directory, but it should work on most *nix systems

    
<?php
/*
Plugin Name: XKCD Passwords
Plugin URI: https://cubecolour.co.uk
Description: Generates new passwords using XKCD 'four random words'
Author: cubecolour
Version: 1.0.0
Author URI: https://cubecolour.co.uk
Text Domain: xkcd-password

Licence: GPL
props to:
XKCD: https://xkcd.com/936/
bendiy: https://gist.github.com/bendiy/5688443
*/

if ( ! defined( 'ABSPATH' ) ) exit;

function cc_xkcd_password_generator() {
	$lines = file('/usr/share/dict/words', FILE_IGNORE_NEW_LINES);
	$length = count($lines);
	$password = '';
	for ($i = 1; $i <= 4; $i++) {
		$plain = FALSE;
		while (!$plain) {
			// Get random word from $lines
			$key = mt_rand(0, $length);
			if ((preg_match("/^[a-z]+$/", $lines[$key]) == 1) && (strlen($lines[$key]) < 9)) {
				//* String only contains a to z characters
				$plain = TRUE;
				$password = $password . $lines[$key];
				//* Add hyphen between words
				if ($i != 4 ){
					$password = $password . '-';
				}
			}
		}
	}
	return $password;
}
add_filter( 'random_password', 'cc_xkcd_password_generator' );
    • This reply was modified 8 years ago by cubecolour.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Default Easy Password’ is closed to new replies.