2019-01-22, 05:56 PM
I'd like to see a random password created on registration or at least a button for "Generate Password" that fits the settings. I have 12 character complex minimum and believe it or not I get dumb people who say that their password doesn't work to join and are too stupid to count to 12 correctly. Happens way more than you'd think. If a button was there to generate a password (JS probably) it would be a nice feature.
As for as OPs suggestion, which I have now have officially hijacked (sorry), I think it can be done in a plugin easily. I don't believe it should be core. I'd also not trust sending even a sha1 string to HIBP. You can't be sure they aren't data mining.
Those are real solutions to very persistent threats towards forums. Someone using a known password is just stupidity and not really an attack on the forum itself. If you're going around joining websites with the same credentials imho you deserve to lose your account. Also these are forum accounts, not bank accounts. If they get hacked it's usually not a financial lose involved.
As for as OPs suggestion, which I have now have officially hijacked (sorry), I think it can be done in a plugin easily. I don't believe it should be core. I'd also not trust sending even a sha1 string to HIBP. You can't be sure they aren't data mining.
Quote:why isn't StopForumSpam a plugin, why isn't Google's recaptcha a plugin
Those are real solutions to very persistent threats towards forums. Someone using a known password is just stupidity and not really an attack on the forum itself. If you're going around joining websites with the same credentials imho you deserve to lose your account. Also these are forum accounts, not bank accounts. If they get hacked it's usually not a financial lose involved.