> Why not? The user surely knows better what a good password is than the > software does. If the user picks a crappy password, there's probably a good > reason. You have an alarmingly naive understanding of our user base... (not that *I* want to give up control of my passwords, but I'm not an average user)