DK6 Password changes, creation advice, and security (5/5/2026)

Our site migration on 4/15/2026 implemented changes to many basic operations of the site, including passwords.

We have connected WordPress (the platform for posts) and Viafoura (the platform for comments) so that only a single login is needed, as before. The basic login [signin] page remains the same:

Login modal for Daily Kos displaying fields for username or email plus password, and a link to click if the user has forgotten their password.
Login modal

Clicking the Forgot your password? link will redirect to a different modal through which it is possible to generate a password reset link.

Password reset link modal offers a field for entering the email associated with the site username
Forgot your password/request password reset link modal

Putting an email into the text box and clicking "get new password" will lead to this display and the delivery of a password reset link, as long as we have an associated email in our system. It is NOT necessary to activate that link; if no action is taken the old password remains unchanged and available.

Confirmation modal notes that a password reset link will have been sent as long as there is an associated username. (Phrased this way partly to protect the confidentiality of site members, and partly to alert a user to the possibility that the email supplied might not match our records.)
Confirmation of password reset link initiation

The security system underlying the WordPress login is different from before, however, which becomes evident when a user tries to change their password.

Clicking the reset link sent to a user's mail will open a page that looks like this:

Password reset modal, including several security checks

That password field is pre-populated with a text string that would be difficult to guess. It remains possible to edit that suggested password or to create an entirely different one. The criteria used for the assessment of strength and security are provided by Jetpack, as noted. (For additional context, see this resource for an explanation of its account protection features or this longer, more thorough review of what makes a password weak or compromised.)

Users are free to create their own passwords. Be aware that the system might then display some cautionary messages:

Password reset modal, showing display of an alert

If a user wishes to use what the Jetpack system considers a weak or compromised password, it remains an option (after checking the box acknowledging the risk). NOTE: In an attempt to improve site and user security and avoid data breaches or unauthorized use, Jetpack will send an email with a confirmation code to be supplied on the site following every login attempt with what qualifies as a suboptimal password.

SOME of our legacy suggestions regarding strong passwords still apply.

a. Don't REUSE passwords from site to site.

c. Choose a password that is easy for you to remember.

d. Consider storing your password in a password manager.

As does the strategy we suggested adopting for creating a strong password.

Password writing can be intimidating. People tend to think that a random string of letters and numbers is a super-secure password that nobody could guess. For example, people assume that the password "Ab13gU7" is super secure. No one's going to guess that password, but if someone's running a decryption utility, they'll crack that password in about three hours. In contrast, if your password was "Whirled Peas" it would take someone with your basic desktop PC about two million years to crack. If a website lets you use it, the space key is your best friend in the world. If_not,_use_underscores_instead.

That's why we encourage people to stop thinking of passwords and start thinking of passphrases. Song lyrics or poetry snippets shot through with symbols and numbers are a great place to go. In contrast to whirled peas, the password "@11Uneedislove" would take about 32 billion years to crack. That's without spaces. When you type it as "@11 u need is love" it'd take a modern desktop about 560 sextillion years to crack it.

In short: Don't use dictionary words, and don't use a long string of letters and numbers that you can't remember. Use a phrase. Spaces are your friend, but so are symbols and numbers.
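
The reasoning above, that length and a wider mix of character types multiply the number of candidates an exhaustive search has to try, worked through for the four sample passwords quoted in this article. This is an added example, not Daily Kos or Jetpack code; the guess rate is an assumption, so the absolute times differ from the figures quoted above, and only exhaustive search is modelled, not guessing from word lists.

```python
import math
import string

# Assumed guess rate for illustration only (not a figure from the article).
GUESSES_PER_SECOND = 1e9

# Character classes an exhaustive search must cover once any member appears.
CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "space": {" "},
    "symbol": set(string.punctuation),
}

def alphabet_size(password):
    """Size of the smallest class-based alphabet containing every character."""
    chars = set(password)
    size = sum(len(members) for members in CLASSES.values() if chars & members)
    # Characters outside the classes above (e.g. non-ASCII): count each once.
    extra = chars - set().union(*CLASSES.values())
    return size + len(extra)

def keyspace_bits(password):
    """log2 of the number of candidates of this length over that alphabet."""
    return len(password) * math.log2(alphabet_size(password))

def years_to_exhaust(password, rate=GUESSES_PER_SECOND):
    """Worst-case years to try every candidate at the assumed rate."""
    seconds = 2 ** keyspace_bits(password) / rate
    return seconds / (365.25 * 24 * 3600)

def rank(passwords):
    """Order passwords from weakest to strongest by exhaustive-search keyspace."""
    return sorted(passwords, key=keyspace_bits)

# The four sample passwords quoted in the article.
SAMPLES = ["Ab13gU7", "Whirled Peas", "@11Uneedislove", "@11 u need is love"]

if __name__ == "__main__":
    for pw in rank(SAMPLES):
        print(f"{pw!r:22} len={len(pw):2} alphabet={alphabet_size(pw):2} "
              f"bits={keyspace_bits(pw):6.1f} years={years_to_exhaust(pw):.3g}")
```

The ranking matches the order in which the article presents the samples: each step up comes mostly from added length, with the character mix contributing a smaller share.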