Word-based passwords are not a new thing, but they have not readily been available for WordPress. Over the course of time supporting my WP-Members membership plugin, I have gotten a lot of requests for simplifying the password process, so I’ve worked to develop a new plugin to create word-based passwords for WordPress called WordPass.
WordPress has moved the password process to be more complex, thus producing more secure passwords. This has been a good move in general – far too many people create a simple password for their admin account and make themselves more susceptible to hacking.
But when it comes to running a membership site, generating complex random passwords can lead to a poor user experience. How can a balance be achieved, giving users security while making it easier for them to use? That was what I tried to do in building WordPass.
Here is a random password I generated using the default process within WordPress. It meets the WP criteria for strong passwords:
Now here is a password generated in WordPress using WordPass. It too meets the WP criteria for strong passwords:
Which will be easier for your users to use? WordPass will generate passwords that are based on words in a wordlist you provide. (Keep in mind that if you make a simple word list of very short words, that will reduce the security of your passwords – longer words and more words are better.)
I’ve written in the past about the importance of using strong passwords. So it was important for me to build something that would be usable while remaining secure.
The basic version of WordPass has the following features:
- Random selection from the word list of a single word.
- Word list allows unlimited words.
- Makes words all lowercase, all uppercase, first letter uppercase, or random selection (for best security, use random selection).
- A random number of 1 to 3 digits is added to every password. This number may be split and added as multiple numbers (for example, if the random word selected is sloop, and a 3 digit number is selected, it might be served as 9sloop40).
- At random, a single special character may be added.
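
To put numbers on the word-list caveat above, here is an added example (not WordPass's own code) that estimates how many candidates someone who knows the word list would have to cover for the basic scheme as listed. The model is an assumption: uniform choices, the "random" case setting picking one of the three case modes, digits split anywhere between a prefix and a suffix, and one optional special character appended from a hypothetical set of 10 symbols.

```python
import math

# Assumed model of the basic scheme described above (not WordPass's code):
#  - one word drawn uniformly from the word list
#  - case mode: one fixed mode, or "random" = one of the 3 modes
#  - 1 to 3 digits, split anywhere between a prefix and a suffix of the word
#  - optionally one special character from a set of `specials` symbols,
#    appended at the end (set size and position are assumptions)

def digit_arrangements(max_digits=3):
    """Distinct (prefix, suffix) digit pairs with 1..max_digits digits total."""
    # d digits give 10**d strings and d+1 places to split them around the word
    return sum(10 ** d * (d + 1) for d in range(1, max_digits + 1))

def search_space(wordlist_size, random_case=True, specials=10):
    """Number of candidates to cover when the word list itself is known."""
    if wordlist_size < 1:
        raise ValueError("word list must contain at least one word")
    case_options = 3 if random_case else 1
    special_options = 1 + specials  # absent, or one of the symbols
    return wordlist_size * case_options * digit_arrangements() * special_options

def bits(wordlist_size, **kw):
    """Upper bound on entropy in bits (reached only if every choice is uniform)."""
    return math.log2(search_space(wordlist_size, **kw))

def words_needed(target_bits, **kw):
    """Smallest word list size whose search space reaches target_bits."""
    per_word = search_space(1, **kw)
    return max(1, math.ceil(2 ** target_bits / per_word))

if __name__ == "__main__":
    for n in (20, 100, 2000, 7776):  # constructed word list sizes
        print(f"{n:>5} words: {bits(n):5.1f} bits")
    print("words needed for 40 bits:", words_needed(40))
```

Word length does not appear in the count: once the list is assumed known, only the number of entries matters, so a single-word password gains far more from a larger list than from longer words.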
I am working on a Pro version that will be out later this month with the following additional features:
- Number of words used can be 1-3 or random, with the words chosen at random from the word list.
- Default word list includes well over a hundred words to get you started.
- Words can be “leetified” (“leetspeak” is a process of changing certain letters to other symbols, letters, or numbers; for example, “street” might be “$tr33t” in leet). Leet can be turned on or off or be randomly applied.
- Basic leet dictionary included can be filtered to allow custom leet character mapping.
- Number of numbers can be 0-3 digits or random.
- Number of special characters can be 0-3 or random.
- Special characters used can be filtered to allow additional (or removal of) characters.