Originally Posted by
Andrew.Smith
Surely you should force users to use sensible passwords ?
Actually, password policies (esp shameful ones) are usually a dead give-away that a web doesn't employ proper password security. I'd say the best way is to use a library (e.g. zxcvbn) to indicate the strength of passwords back to the user. Is it then up to the user to secure their account properly.
However, AW her is solely responsible for the content users store. Printing back (into the html source) plain-text stored passwords is just unacceptable!