How strong is your password?
No matter how good the software running on a website is, there is always the human factor. If your password is “test”, “1234”, “qwerty” or anything obvious then you are putting your blog at risk of having it hacked. For that reason the password change form on the profile page now checks how strong your password is.
A password can have four levels of strength:
- Too short
- Bad
- Good
- Strong
Please try to make your passwords “strong”, but we’ll accept “good” passwords too. It makes it a bit harder to change your password but the extra effort is worth it.
We’re using this code by Phiras. Thank you Phiras for making it available! I’m going to integrate this into WPMU soon as strong passwords are so important for site security.
Wow! It’s ages since I’ve made a post about a new feature here. There’s a good reason for that. My wonderful son Adam was born on April 21st and had a small bit to do with my lack of updates. I’m working on a few more things now so I’ll be back to blog about more goodies soon!
- June 7, 2007
- Features, New Features, Security, WordPress.com
Congratulations Donncha on the birth of your son.
Passwords need to be strong and there are many places where you can generate good passwords then store them using http://www.clipperz.com or http://www.roboform.com. It’s also a good idea to change them now and again, just to thwart those that will persist in trying to hack them.
It’s great to see a p/w checker on site, nice one. Keep up the great work.
LikeLike
congratulations, lindo chico! 🙂
LikeLike
I would like to know how secure and usable a passphrase is compared to a password. It’s easy to remember a phrase, even a nonsensical one (especially if it’s funny). The phrase “it’s 2007 where is my flying car?” is very easy to remember, and yet I is very difficult to brute force — googeling it gives results (2) as a search for “a7f834”. But the phrase is infinitely easier to remember.
The biggest two downsides of passphrases I can think of is that:
a) they take longer to enter — but an extra half-seconds of typing every day is less frustrating then an extra 30 seconds of trying to remember a password every week.
b) Since they are longer, there is a greater chance of typos — but i think it would be possible to autocorrect for common typos (teh –> the, and so forth). It is 2007 after-all, we may not have flying cars, but we have computers that can recognize a simple phrase.
LikeLike
I’ve ported this code to PHP, if a server side check is also necessary.
Source code at http://www.alixaxel.com/wordpress/2007/06/09/php-password-strength-algorithm/
LikeLike
decent add.
i also feel comfortable with a strong password.
LikeLike
Congratulations on the birth of your son and my appreciation for your continued improvement of WordPress.com
LikeLike
Congrats on the birth of Adam. & Thank you for the update 🙂
LikeLike
Hehe.. mine is STRONG :p
LikeLike
My password can bench press 1000lbs!!!
LikeLike
Roboform password generator rocks….. Iife can be simple if you use good tools..
Jose
LikeLike
My password is strong. I even make mistakes (a lot of mistakes) when typing it. Haha! 😛
LikeLike
I rented my upper floor “Brain” long time ago so I try to use same password and yes its strong. 😛
LikeLike
How about — REALLY STRONG. 😉
LikeLike
My password is strong.
LikeLike