• Hello everybody!

    I have a WP site where doctors have an account created for them along with a password. I am receiving a ton of complaints about the password being too hard to use. Yes they can change it, but for them to spend time to figure it out won’t happen.

    The default passwords look something like this…. V14&*oi#$45jk!@””D44. There is no way in the world for these doctors to be able to figure out how to type that. Many of these doctors have simply stopped using the site.

    The number one rule in UX is to meet user expectations. This does not meet user expectations.

    The fix. All automatic passwords should be generated like this.
    Color, Thing, Verb, 3-digit Number, Symbol. And no fancy symbols. Just the top row of the numbers on the keyboard.




Viewing 2 replies - 1 through 2 (of 2 total)
  • Setting default passwords as you’ve suggested is pretty insecure. If it was done like that there’s only a small (in relative terms) amount of possible passwords that would be available, so cracking them would be trivial these days.

    The symbols are there for a reason – they do make passwords harder, both to crack and to remember.

    And to be honest, if someone that’s smart enough to get a doctorate can’t figure out how to update their password through a few basic links, there are more problems than just usability.

    But, if you do need easier passwords, the best idea is to create the accounts manually. That way you can set whatever passwords you want to.

    Moderator cubecolour


    There’s a good idea for strong but memorable passwords in the XKCD comic at https://xkcd.com/936/

    I’ve put together a simple plugin to filter and replace the default random password generator with an XKCD-style password generator using the server’s dictionary words list.

    This plugin needs a readme & some additional testing before I submit it to the plugins directory, but it should work on most *nix systems

    <?php
    /*
    Plugin Name: XKCD Passwords
    Plugin URI: http://cubecolour.co.uk
    Description: Generates new passwords using XKCD 'four random words'
    Author: cubecolour
    Version: 1.0.0
    Author URI: http://cubecolour.co.uk
    Text Domain: xkcd-password
    Licence: GPL

    props to:
    XKCD: https://xkcd.com/936/
    bendiy: https://gist.github.com/bendiy/5688443
    */

    // Refuse direct access outside WordPress
    if ( ! defined( 'ABSPATH' ) ) exit;

    function cc_xkcd_password_generator() {
    	// Load the system word list, one word per line
    	$lines = file('/usr/share/dict/words', FILE_IGNORE_NEW_LINES);
    	$length = count($lines);
    	$password = '';
    	for ($i = 1; $i <= 4; $i++) {
    		$plain = FALSE;
    		while (!$plain) {
    			// Get random word from $lines; the last valid index is $length - 1,
    			// and wp_rand() uses random_int() where available, unlike mt_rand()
    			$key = wp_rand(0, $length - 1);
    			if ((preg_match("/^[a-z]+$/", $lines[$key]) == 1) && (strlen($lines[$key]) < 9)) {
    				//* String only contains a to z characters
    				$plain = TRUE;
    				$password = $password . $lines[$key];
    				//* Add hyphen between words
    				if ($i != 4 ){
    					$password = $password . '-';
    				}
    			}
    		}
    	}
    	return $password;
    }
    // Replace the value returned by wp_generate_password()
    add_filter( 'random_password', 'cc_xkcd_password_generator' );
    • This reply was modified 7 years, 4 months ago by cubecolour.
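The two replies above disagree about keyspace, so here is an added example (not code from either poster or from the plugin) that measures it: it applies the plugin's word filter to the server dictionary and prints the entropy, in bits, of the three schemes discussed in the thread. The list sizes for colours, things and verbs, the 72-symbol alphabet and the fallback word list are assumptions constructed for this example.

```php
<?php
// Added example, not code from the thread. Estimates entropy in bits for
// schemes where every part is picked uniformly and independently at random.

/** Words the plugin's filter accepts: lowercase a-z only, under 9 characters. */
function eligible_words(array $lines): array {
    $ok = array_filter($lines, function ($w) {
        return preg_match('/^[a-z]+$/', $w) === 1 && strlen($w) < 9;
    });
    return array_values(array_unique($ok));
}

/** Sum of log2(choices) over all slots; rejects an empty slot. */
function entropy_bits(array $slotSizes): float {
    $bits = 0.0;
    foreach ($slotSizes as $n) {
        if ($n < 1) {
            throw new InvalidArgumentException('every slot needs at least one choice');
        }
        $bits += log($n, 2);
    }
    return $bits;
}

// Use the server dictionary when present, otherwise a tiny constructed list
// (only there so the script still runs; its result is not representative).
$path  = '/usr/share/dict/words';
$lines = is_readable($path)
    ? file($path, FILE_IGNORE_NEW_LINES)
    : ['correct', 'horse', 'battery', 'staple', 'Apple', "can't", 'extraordinary'];
$pool = count(eligible_words($lines));

$schemes = [
    // Assumed list sizes: 12 colours, 500 things, 500 verbs; then 000-999
    // and the 10 symbols on the number row.
    'colour+thing+verb+NNN+symbol' => entropy_bits([12, 500, 500, 1000, 10]),
    // Four independent picks from the filtered pool, as the plugin does.
    "four words, pool of $pool"    => entropy_bits(array_fill(0, 4, $pool)),
    // 20 characters (the length of the sample in the first post) from an
    // assumed 72-symbol alphabet.
    '20 random characters'         => entropy_bits(array_fill(0, 20, 72)),
];

foreach ($schemes as $name => $bits) {
    printf("%-30s %6.1f bits\n", $name, $bits);
}
```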
  • The topic ‘Default Easy Password’ is closed to new replies.