Thus said Shane Hathaway on Sat, 16 Apr 2011 12:41:31 MDT:

> I want to include this idea in the password meters I create for web
> applications. I need a better password scoring algorithm. I don't want
> to *require* any minimum password complexity (other than a minimum
> password length), but I do want to help the user choose a good
> password.

Inform them of the risks of using a bad password and what kinds of information will be compromised due to a bad password, and let them make their own risk assessment. Offer a button that says ``Generate a secure password for me,'' and then call apg -a 1 -M SLNC (or whatever options you think are good for your applications), serve it up to them over SSL, and see if they take it. If this isn't enough to convince them to use a stronger password, then they have been warned.

Andy

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
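
One way to back the "Generate a secure password for me" button suggested above, as an added example that is not part of the original post and does not call apg: it draws from the OS CSPRNG and requires the four character classes named by -M SLNC. The function names and the symbol set are assumptions of this example.

```python
import math
import secrets
import string

# Character classes keyed by the letters of the -M SLNC mode string.
# The symbol set here is an assumption of this example, not apg's own table.
CLASSES = {
    "S": string.punctuation,      # special symbols
    "L": string.ascii_lowercase,  # lowercase letters
    "N": string.digits,           # numerals
    "C": string.ascii_uppercase,  # capital letters
}


def generate_password(length=16, required="SLNC"):
    """Return a random password holding at least one character of each required class."""
    unknown = set(required) - CLASSES.keys()
    if unknown:
        raise ValueError(f"unknown class letters: {sorted(unknown)}")
    if length < len(required):
        raise ValueError("length too short to hold every required class")
    alphabet = "".join(CLASSES[c] for c in required)
    while True:
        # secrets uses the operating system CSPRNG; the random module is
        # predictable and must not be used for credentials.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: redraw the whole string rather than patching
        # characters in, so every acceptable password stays equally likely.
        if all(any(ch in CLASSES[c] for ch in candidate) for c in required):
            return candidate


def entropy_bits(length=16, required="SLNC"):
    """Upper bound on the entropy of generate_password(), in bits.

    The class requirement rejects a small share of strings, so the true
    figure is slightly below length * log2(alphabet size).
    """
    alphabet_size = sum(len(CLASSES[c]) for c in required)
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    print(generate_password(), f"(at most {entropy_bits():.1f} bits)")
```

Generate the value server-side per request and never log it; the page that displays it should be served over TLS and marked non-cacheable.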