Today, WordPress powers roughly a quarter of the web. It is a powerhouse that can easily affect the course of the Internet for the future. This is why I was excited to hear of an initiative starting in WordPress 4.3 to improve passwords.
If you have not heard yet, the latest version of WordPress now includes an improved user experience for setting and resetting passwords. While this may seem like a minor feature of a much larger update, it is a small, but significant step towards eliminating the most common security issue with WordPress: people being terrible at creating and remembering passwords. For example, read WPEngine’s analysis of 10 million passwords.
Auto Generated Passwords
To combat this, WordPress now generates strong passwords by default for users created by administrators or by self-registering. This mirrors a best practice of developers and site admins when creating new accounts and takes a step out of the process when administrators are creating new accounts.