• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Implemented Xenforo password reset letters need to be changed.

#1
We recently converted a site to Xenforo from some pretty old software. The age of many of the users there is quite high so a good majority aren't computer experts. I've been getting a TON of complaints about the passwords generated by Xenforo not working.

When I test it for the user it works, so I'm sure it isn't a problem with Xenforo. However, it is a problem with the users looking at the letters and typing them in by hand.

In gmail and in the emails sent out by Xenforo, both the letter l and letter I look identical.

Obviously on this forum the letters are visibly different. But check out this screenshot. You literally can't tell.

From this screenshot the password is: XlLxsIAo

But you sure can't tell! It would be great if Xenforo could avoid those two letters in passwords or change the font so that they are visibly different. This process should be easy and straightforward for the user. The current method is anything but... and yes, cutting and pasting would fix the issue but for some of these members that may be too difficult... and lets face it. You should be able to tell the different letters apart.

xenpass1.jpg xenpass2.jpg
 

Coop1979

Well-known member
#9
I would like to also submit the suggestion to have the new passwords contain letters, numbers, and symbols. For the majority of users who won't change the reset password to something more secure.
 

Fufu

Well-known member
#12
If I remember correctly, license plate numbers in the US count l as L, 1 I as 1, and O 0 as 0. Maybe xenForo reset tool could do the same for passwords?
 
#13
Well, I keep getting complaints quite often... I had a guy who thought the lower case q was a g.... and yup, they look near identical with this font.

Then a member sent me this one, he couldn't figure out what it was...

It seems to me that a font change would be super simple and is really necessary. How about it Xenforo guys? Look at this doozie today...

0? O? 0? o? l? 1? I?

/me sighs....

Screen Shot 2014-08-07 at 3.00.31 PM.png
 
#17
I keep getting complaints from users that their new passwords don't work and suspect this is the issue. Is this being addressed? I'd say any random generator should restrict its passwords to avoid 1, I, l, 0, o, and O.
 
#19
Oh. Sorry. I am on 1.4. Maybe it's user error. It seems to be the same few users over and over and over.

Next time I'll look closer at the forum name when doing a search.
 

Mike

XenForo developer
Staff member
#20
It does still use the characters, but it maps them to a specific set which should be clearer (I -> i, l -> L, o -> O, 0 -> O) before using the password.