The new system of managing a password reset sends a password reset link that has 24-hour expiry window, and users will also receive e-mail notification if e-mail or password is changed.
In a blog post, WordPress developer Brian Krogsgard said that, “This is a relatively minor change to WordPress that will significantly enhance default user behavior for a big security win.”
For the new users to WordPress, they have add a feature which will automatically generate a secure password for the user. It means that the users will have a strong password by default. A password strength meter will help users to gauge on the strength of their password.
“Although WordPress isn’t stopping you from choosing terrible passwords, the default in 4.3 is that you get secure passwords, and making them less secure takes a bit of work,” noted Mark Jaquith, a lead WordPress core developer.