People are also going to keep thinking they're clever by using "fuck"
as a password. Remember last time?
http://davidgerard.co.uk/notes/2007/05/07/tubgirl-is-love/
A better password algorithm will at least solve a part of the problem
that's understood. Anyone who would choose to use SMS would, I
suspect, have picked a good password in the first place. Can we do
anything practical for people who can't remember passwords?
OpenID as a consumer somewhat helps with this problem, as people are more
likely to use more complex passwords if they have to remember fewer
passwords.
From a practical point of view, minus enforcing complexity rules, or at
least showing a password strength indicator and encouraging strong
passwords, there isn't much to do.
Respectfully,
Ryan Lane