Password Requirements

You know...requiring that each password include a number, a symbol, and at least one uppercase and lowercase character means that the password I went with is mathematically less secure than the password I went with so that I can keep it in memory? Just require a specific length (I'd say 8 characters) and don't limit the length. If a user gets hacked because somebody brute forced his/her password for being simple, that is the user's fault, not yours. So don't defend that user in a way that makes it harder for other users to use the site.



is very true and should be kept in mind when dealing with passwords.

I would add, if you are bilingual throw that variable in the equation and you'll get a very secure passfrase.

who am i to disagree....

if you choose a password at the site you don't have to follow the suggestions from the password selector, the security measurement might be misleading but you can take what you want.
(the password security measurement is from drupal, and nothing i really have given much thought about)