14 Comments


  1. Interesting idea and something I tend to lean towards. Even though it’s our responsibility to create our own strong passwords, I think this would be good. Having worked with tons of new users and beginners, this option, although it might be passed over by some, would just make it easier to auto-generate a new one rather than spend even the extra few seconds coming up with their own. Overall, we would have better end results than we do now.


  2. Let’s say I am the admin to this site and I send Jeff his strong password.

    What’s to stop him from changing the password to something simple to remember?

    What about the option of forcing people to change passwords every x days? It must be at least 50% strong.

    It is a good idea to change passwords every so often.

  3. Andreas Nurbo

    If anything, it should be a word-based password generator. Like the comic: http://xkcd.com/936/ That’s what I do; life is much easier since.


  4. I’m in favour of adding this to Core. With all of the security issues and attack scripts, good password security is truly a Core issue, and what better way to educate users than creating and showing them good passwords?


  5. I use LastPass, and all of my passwords are generated by it, so I won’t see any effect. Ultimately, I think adding a password generator to core is a step in the right direction. The strength meter helps to make people aware of the issue of password security, so it is only natural that we should provide a generator to help them confront the issue.

    I’d really like to see WordPress force all users to have strong passwords by default (with the ability to disable), or at least all administrators.


  6. It’s a tricky one. It would be helpful, but is it really something WordPress should do?

    We do also have Apple’s iCloud Keychain now too. That only helps Mac users, I know, but it’s worth mentioning.

  7. Steve

    I think it’s a good idea. We often see that lots of people pick terrible passwords, and as developers in an age where sites are constantly being pounded by potential hackers, secure passwords are a no-brainer first line of defence. The cPanel approach is good, and making users tick the ‘I have copied this password in a safe place’ is a nice touch.


  8. I use LastPass to generate my passwords and prefer using their memorable option since it is a lot cleaner and then I throw in a few special characters and numbers to increase the strength.

    But, for those who don’t have LastPass or use a similar password generator, then it’s a good option to have one for WordPress. The only issue is if it creates a very scrambled password like cPanel. You’ll need to write it down or put it into a password manager.

  9. Andrew

    I think that a login limiter to limit the number of allowed login attempts would be a more useful feature to add to core.


  10. There’s also my WP Password Generator, which includes the functionality missing from Simple User Password Generator :)


  11. Well, the password strength meter is there so the password generator would be a nice addition to that. I’m in favor of a password generator that ONLY creates STRONG passwords but I don’t want WordPress to tell me that I need a strong password to continue. That would be annoying for local dev environments.

  12. Jason

    Unless I hallucinated the entire event, doesn’t wordpress.com have a strong random generator built into its signup process?

    If it’s good enough for .com, it’s good enough for .org :)

    Like Ajay, I already use LastPass to handle password generation so this won’t matter much to me, but given how many 123456 passwords are probably still in rotation I wouldn’t mind seeing this.

