i noticed that if i log in, blog a little bit, and "accidently" let someone else use the computer without logging out, anyone could change my profile including my password. Shouldn't wordpress make users type their password to see their profiles at least?
Need help? Check out our Support site, then
account is not secured?
This blogger has elected to delete his or her account.
For the people who search:
"Shouldn't wordpress make users type their password to see their profiles at least?"
If you had logged out the cookie would have been expired and your information would be safe.
Your information is secure from our side but you do need to do the sign out bit - that and have good passwords too.
What is a good password? I've heard of combining numbers with letters. Now I'm going by the password that WordPress sent me.
I have 1 password that I use anywhere as a 'first choice' because it's quick and easy to remember. That is an 8 letter number.
I use passwords like this for stuff that is sort of important: Tv6Va4rV
8 letter/number combination
For really important stuff - like all my domain passwords:
16 character/number/letter combos
And because I use them I have a password manager:
Keepass (it's free)
Going back to the original point of this thread, I don't think WordPress has any obligation to protect people against stupidity of that particular level. You're supposed to know how passwords work and handle things on that end yourself; if you can't remember to sign out and you "accidentally" let someone malign use your computer, you shouldn't be allowed to blog unsupervised anyway.
I think there's an expectation of a minimum level of competence, and that it's fair.
I go with two words and a number stuck in between them for a password myself.
This topic has been closed to new replies.