Password Monitoring

0

Greets:

*sigh* 11 minutes goes by just so fast.

Just a thought since we had a security problem during the night. One of our elgg sites got hacked because the admin used her password as her husbands name. I realize that there’s no real way to monitor that but a filter and a disallow for common passwords like ‘password’ and any string of 1234 would be a plus.

thanks,

-drmike

edit: Had our first accident in the parking lot last night. Was hoping we weren’t going to have one this season. *ring* *ring*

  • wpcdn
    • Syntax Hero

    Mike

    Thanks for bringing this up. This reminds us of a dilemma we are facing with an upcoming multisite launch. We decided to use the WPMU DEV “choose password at signup” plugin because we think we’ll have fewer support issues if users pick their own passwords. And, this will eliminate the need for WordPress to e-mail passwords to users…a security issue.

    But now we are wondering whether this is the wise move. Mike, what do you think?

    WPMU DEV, does that plugin include any checks for insecure passwords?

    Mark

    P.S. Mike, where is this infamous parking lot you refer to? :wink: