I'm surprised that blank passwords were ever
allowed since they are
probably the worst security you can make,
Second only to letting anybody edit your web site. ;)
UseModWiki actually went so far as to allow you to create multiple user accounts
with the same user name...
Maybe in the future a more strict password security
should be established and enforced, forcing password changes every x
days would be unduly burdensome but complexity requirements might be a
good idea especially since as you mentioned the adminship and the
community pool has enlarged greatly.
I'm fiddling with some basic dictionary checks and such.
-- brion vibber (brion @ pobox.com