On 5/7/07, Blu Aardvark jeffrey.latham@gmail.com wrote:
In addition, it should be entirely disallowed for a user to create a password containing the string "password" or that is identical to their username.
I think one problem is that people don't view "website passwords" as important as a password to their ISP account or a unix shell account. After all, who cares if somebody cracks their nytimes.com password? You can get a shitload of those from bugmenot anyway. An exception might be their bank's website.
People view their Wikipedia accounts the same way they view a news site password so they pick a simple one like their cat's name or "password" and it may stay that way even when they are made admins.