On 5/7/07, Blu Aardvark <jeffrey.latham(a)gmail.com> wrote:
In addition, it should be entirely disallowed for a
user to create a
password containing the string "password" or that is identical to their
username.
I think one problem is that people don't view "website passwords" as
important as a password to their ISP account or a unix shell account.
After all, who cares if somebody cracks their
nytimes.com password?
You can get a shitload of those from bugmenot anyway. An exception
might be their bank's website.
People view their Wikipedia accounts the same way they view a news
site password so they pick a simple one like their cat's name or
"password" and it may stay that way even when they are made admins.