drmike
Keeper of the Dark Chocolate
—
3rd December 2010 (1 year ago)
Greets:
*sigh* 11 minutes goes by just so fast.
Just a thought since we had a security problem during the night. One of our Elgg sites got hacked because the admin used her password as her husband's name. I realize that there's no real way to monitor that, but a filter and a disallow for common passwords like 'password' and any string of 1234 would be a plus.
thanks,
-drmike
edit: Had our first accident in the parking lot last night. Was hoping we weren't going to have one this season. *ring* *ring*
Responses (3)
Lifetime member! — 3rd December 2010 (1 year ago) #
Mike
Thanks for bringing this up. This reminds us of a dilemma we are facing with an upcoming multisite launch. We decided to use the WPMU DEV "choose password at signup" plugin because we think we'll have fewer support issues if users pick their own passwords. And, this will eliminate the need for WordPress to e-mail passwords to users...a security issue.
But now we are wondering whether this is the wise move. Mike, what do you think?
WPMU DEV, does that plugin include any checks for insecure passwords?
Mark
P.S. Mike, where is this infamous parking lot you refer to? ;-)
Lead Developer — 3rd December 2010 (1 year ago) #
No, and I'm pretty sure it still sends their chosen password to their email.
I'm pretty sure there are plugins out there for this though.
http://sltaylor.co.uk/blog/enforce-strong-wordpress-passwords/
Keeper of the Dark Chocolate — 3rd December 2010 (1 year ago) #
On iPod. Excuse short. Think current disallows on rating, not phrases. Like those who use sitename or such.
Another idea: force password change after getting email with random password during signup.
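The filter asked for in the opening post, sketched as an added example (not part of the thread and not code from WPMU DEV or any plugin): it rejects denylisted passwords, counting and keyboard runs such as 1234, and passwords built from the site name or username. The function names, the short denylist and the sample inputs are assumptions; it is plain PHP, and wiring it into a signup form is left to the site.

```php
<?php
// Added example; every name below is hypothetical, not from WordPress or any plugin.

// Constructed sample denylist; a real deployment would load a far larger list.
const COMMON_PASSWORDS = ['password', 'letmein', 'welcome', 'admin', 'iloveyou'];
// Runs that a password must not simply be a slice of, forwards or backwards.
const RUNS = ['01234567890123456789', 'abcdefghijklmnopqrstuvwxyz', 'qwertyuiop'];

// True for "1234", "987654", "abcdef", "qwerty" and similar counting/keyboard runs.
function is_run(string $p): bool {
    if (strlen($p) < 3) return false;
    foreach (RUNS as $run) {
        if (strpos($run, $p) !== false || strpos(strrev($run), $p) !== false) {
            return true;
        }
    }
    return false;
}

// Returns the reason a password is rejected, or null when no rule matches.
// $context: strings tied to the account (site name, username, e-mail local part).
function weak_password_reason(string $password, array $context = []): ?string {
    $p = strtolower(trim($password));
    // Drop trailing digits and punctuation so "Password1!" still hits the denylist.
    $core = rtrim($p, '0123456789!@#$%^&*._-');
    if (in_array($p, COMMON_PASSWORDS, true) || in_array($core, COMMON_PASSWORDS, true)) {
        return 'common password';
    }
    if (is_run($p)) {
        return 'sequential run';
    }
    if ($p !== '' && strlen(count_chars($p, 3)) === 1) {
        return 'single repeated character';
    }
    foreach ($context as $word) {
        $w = strtolower(trim((string) $word));
        if (strlen($w) >= 3 && strpos($p, $w) !== false) {
            return 'contains site or account name';
        }
    }
    return null;
}

// Constructed sample input: signup by user "jsmith" on a site named "exampleblogs".
$context = ['exampleblogs', 'jsmith'];
foreach (['password', 'Password1!', '12345678', 'aaaaaa', 'ExampleBlogs2010', 'v9#Lr2qT!x'] as $pw) {
    printf("%-20s %s\n", $pw, weak_password_reason($pw, $context) ?? 'accepted');
}
```

A check like this cannot catch a password that is a family member's name unless that name is supplied in `$context`, which is the limit the opening post already notes.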