<brion> "aaaaaaaaaaaaaaaaaaaaaaaa"
ain't secure
<TimStarling> "password" isn't secure either, and that's 8
It seems to me that a pretty secure approach would be to have the system
give the user his 8-12 character password, rather than letting him pick a
password. Then we can be assured that he's not doing stuff like "p@ssword"
to meet the complexity requirements.
Well if we are going to go down that road, requring public/private key
pairs would also be more secure. However i doubt either would be acceptable
to users.
-bawolff