On Tue, Feb 4, 2014 at 11:20 PM, MZMcBride z@mzmcbride.com wrote:
General consensus (on this mailing list and at the RFC) seems to be that we can certainly encourage stronger passwords, but we should not require stronger passwords for standard accounts. Accounts with escalated privileges (admin, checkuser, etc.) should likely be treated differently.
That does not seem to be the consensus to me. I see several people with expertise in this area (Chris Steipp, Ryan Lane, others) recommending that this is the least we should do. I think we should leave determining consensus up to the people who will close the RFC.