1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Implemented Xenforo password reset letters need to be changed.

Discussion in 'Closed Suggestions' started by ekool, Jun 12, 2014.

  1. ekool

    ekool Member

    We recently converted a site to Xenforo from some pretty old software. The age of many of the users there is quite high so a good majority aren't computer experts. I've been getting a TON of complaints about the passwords generated by Xenforo not working.

    When I test it for the user it works, so I'm sure it isn't a problem with Xenforo. However, it is a problem with the users looking at the letters and typing them in by hand.

    In gmail and in the emails sent out by Xenforo, both the letter l and letter I look identical.

    Obviously on this forum the letters are visibly different. But check out this screenshot. You literally can't tell.

    From this screenshot the password is: XlLxsIAo

    But you sure can't tell! It would be great if Xenforo could avoid those two letters in passwords or change the font so that they are visibly different. This process should be easy and straightforward for the user. The current method is anything but... and yes, cutting and pasting would fix the issue but for some of these members that may be too difficult... and lets face it. You should be able to tell the different letters apart.

    xenpass1.jpg xenpass2.jpg
    Coop1979, erich37, gfo and 2 others like this.
  2. briansol

    briansol Active Member

    These emails should be sent in plaintext in a monospaced font like courier.
  3. Brogan

    Brogan XenForo Moderator Staff Member

    XenForo doesn't send passwords in plain text in emails.

    Is that from an add-on?
  4. ekool

    ekool Member

    It is from the built in password reset procedure. "Lost Password" tool.
  5. Brogan

    Brogan XenForo Moderator Staff Member

    XenForo sends a reset link, not a password.


    That is not part of the core functionality.
    Amaury likes this.
  6. Mike

    Mike XenForo Developer Staff Member

    It's part of the second email, once you confirm that.
    Brogan likes this.
  7. Brogan

    Brogan XenForo Moderator Staff Member

    Ahh...I've never actually completed the process.
  8. Adam Howard

    Adam Howard Well-Known Member

    1 I i

    l <-- that's not a letter, that's a symbol. I agree, it should not be there
  9. Coop1979

    Coop1979 Well-Known Member

    I would like to also submit the suggestion to have the new passwords contain letters, numbers, and symbols. For the majority of users who won't change the reset password to something more secure.
    HWS likes this.
  10. Chris D

    Chris D XenForo Developer Staff Member

    That's a lower case L
    Adam Howard and Amaury like this.
  11. Adam Howard

    Adam Howard Well-Known Member


    I need sleep.... :coffee::ROFLMAO::ROFLMAO:
  12. Fufu

    Fufu Well-Known Member

    If I remember correctly, license plate numbers in the US count l as L, 1 I as 1, and O 0 as 0. Maybe xenForo reset tool could do the same for passwords?
  13. ekool

    ekool Member

    Well, I keep getting complaints quite often... I had a guy who thought the lower case q was a g.... and yup, they look near identical with this font.

    Then a member sent me this one, he couldn't figure out what it was...

    It seems to me that a font change would be super simple and is really necessary. How about it Xenforo guys? Look at this doozie today...

    0? O? 0? o? l? 1? I?

    /me sighs....

    Screen Shot 2014-08-07 at 3.00.31 PM.png
    Grover likes this.
  14. Mike

    Mike XenForo Developer Staff Member

    I have done some tweaking here in 1.4.
    Coop1979 likes this.
  15. Karelke

    Karelke Active Member

    Why is XenForo sending passwords in plain text? Isn't that unsafe?
  16. TechGuy

    TechGuy Member

    Any update on this? Is there some way to disable the plain text passwords?
  17. Allpar Dave

    Allpar Dave Member

    I keep getting complaints from users that their new passwords don't work and suspect this is the issue. Is this being addressed? I'd say any random generator should restrict its passwords to avoid 1, I, l, 0, o, and O.
  18. Jeremy

    Jeremy XenForo Moderator Staff Member

    What version are you on? It was addressed in 1.4
  19. Allpar Dave

    Allpar Dave Member

    Oh. Sorry. I am on 1.4. Maybe it's user error. It seems to be the same few users over and over and over.

    Next time I'll look closer at the forum name when doing a search.
  20. Mike

    Mike XenForo Developer Staff Member

    It does still use the characters, but it maps them to a specific set which should be clearer (I -> i, l -> L, o -> O, 0 -> O) before using the password.

Share This Page