On 05/08/2013 11:34 AM, Bob Proulx wrote:
I think it is useful to use pwqcheck and if it passes that then stop there. But if it fails pwqcheck I would like to look to see if it is a false positive. Look to see if it has a reasonable amount of character classes and if so then mark it okay.
We could implement it as a warning rather than a requirement
("Password has changed; note that it may be weak (<pwqcheck message>).").
