Mark Jaquith has further outlined the new password features in 4.3, and they are exciting. I think this may prove to be the most important new feature for this release. I’ve already covered this, but I’m covering it again. I love it, and now it’s a completed feature.
Starting in WordPress 4.3:
- Making strong passwords is now the default, and they are generated from the admin
- Making bad passwords must be done manually, and it tells the user the password is bad
- Passwords will no longer be emailed to users
- Password reset links will expire in 24 hours
- Password reset notifications will be emailed to users
These are great changes. Check out the pictures of them in action, or better yet install and test 4.3, which will likely hit Release Candidate 1 within hours from now, and see it for yourself.