> This way you can let users choose their own passwords :-)
>
> If you like you can put other checks in it to make sure you have any
> three of uppercase/lowercase/numbers/other characters or whatever else
> you like.
Allowing users to choose their own permanent passwords does not make them
any more secure, though it would hopefully make them easier to remember.
Users tend to choose passwords that are easy to guess, and they tend to
use the same password for multiple accounts.
As I indicated in my original response, there is no best answer to the
issue of password choices, though there are probably a few 'worst'
answers. :-)
Once someone has established a password scheme, either randomly generated
or user selected, it should not be that difficult to write routines to
generate acceptable passwords or to enforce standards for user-generated
passwords.
--
Mike Nolan
