Two of the initiatives for WordPress 4.3 are for further improving WordPress (especially mobile) UI and re-evaluating password management.
Starting Thursday, lead developer Helen Housandí will host UI chats in the WordPress Slack #design channel.
Additionally, lead developer Mark Jaquith further laid out a plan for re-thinking WordPress passwords:
- Default to generating a password for the user — if they want to choose their own password, they can, but the default should be that we generate a secure one for them.
- Default to showing the password input as plain text — to reduce typos, eliminate the second “confirmation”, and show them the password we’ve generated.
- In case of manual password entry, help them choose a better password — instead of just showing them how strong/weak it is, help them make it strong (“keep going… make your password longer!”).
- Make them jump through an “are you sure?” hoop to set a weak password.
We like the WordPress.com UI, and think we can derive some inspiration from that. Also, some work has already been done on #24633, which we could use as a starting point.
I like the direction 4.3 is heading. I’m not sure how many people are using the web-based dashboard on mobile, but even if it’s not many, it still needs to be a priority as the number will likely grow over time.
And in regard to password management, it’s a workflow long overdue for attention and anything that can encourage common sense security measures is good. Most users just don’t use very good passwords, so while this may create a minimal amount of friction for users with bad habits, I personally think that’s quite okay.