We’ve encountered a few problems with members being adding to the new website, so we thought we’d create a page to help answer some of the more commonly asked questions and their answers!
Email Link No Longer Works
The link you were sent in an email to create a password for you account is only valid for about 48 hours. Therefore, if you’ve waited too long you might get a message that the link (from your email) is no longer valid.
A simple fix to this is to go to your account page (http://manuscript.org/membership/my-account/) and click on the “Forgot your password?” link. You’ll be prompted to enter your email address to recieve a new email to change your password. The email should come within a couple of minutes and you’ll be given a new link to change (or set) your password!
Passwords Being “Too Weak”
This one’s a little trickier. We’ve had a few members who are inputting passwords and Wordpress is determining that they are ‘too weak’ to allow. We’ve discussed allowing ‘weaker’ passwords to be allowed but, when it came down to it, we want the new Manuscript website to be as secure as possible and will prevent it to be hacked or come under brute force attacks.
For this reason, we are asking that people please be patient and make sure they are using secure, strong passwords. We’ve also come across some passwords that seem strong, but are considered ‘weak’ by the algorithm WordPress uses.
There are a few reasons for this. Wordpress is using Dropbox’s zxcvbn library to help determine the strength of passwords. Therefore, it is using a smarter system that ensures stronger passwords. Here are a few examples of how a password may get a ‘too weak’ rating:
Passwords that use ‘l33k speak’ (ie. using a 3 for an ‘e’, 1 for ‘i’, etc. / having your password be “G00dm0rn1ng”) or if WordPress perceives it as l33k speak it may come back as ‘too weak.’
Passwords may also get a ‘too weak’ rating based on the password’s entropy. This has to do with patterns of a password and how many times a password can be broken down (and therefore hacked faster.) It’s a little too long to get into here, but here’s an article if you want to read more about the zxcvbn library and WordPress password algorithm.
What are your options?
After determining that we are going to enforce the use of WordPress-level strong passwords, this only leads us to two options.
- An administrator of the site can ‘overwrite’ a password of any strength. If you’re comfortable enough and would like to email (or call) Shirley Sands (firstname.lastname@example.org) with your password, and she determines it is ‘strong enough,’ she can change your password for you.
- You can use various tricks to create a stronger password. Sometimes it can be as simple as adding an extra character, capitalizing or using a variation on l33k speak. For your convenience, we’ve compiled a list below of links to help you create a strong password that you can remember.
We sincerely apologize for any inconvenience or frustration this process may have given you. Please remember that our first priority is keeping the website secure for all our members. Thank you for your patience and understanding.