Hacker News new | past | comments | ask | show | jobs | submit login

Presumably you'd use whatever procedure you use for a lost password?

But simply forcing a password change at the next login after detecting an insecure password would not unduly burden anyone and would be better than doing nothing.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact