Sure, your shell account, bank website, ebay/amazon password should be very secure, secure to the point of not needing to be prompted, but does every site on the net, ie your blog, twitter, etc, need to have a min of 8 characters w/at least one number and one capital?
Oh, agree with everyone here on the creepiness factor here...
I've seen many of users typing their birth year, their first name or just "123qwe" as their password. Way too many I'd ever expected.
I really doubt they understood the possible consequences. Restricting is inacceptable, but warning against using seemingly-insecure password should be perfectly fine.
Sure, your shell account, bank website, ebay/amazon password should be very secure, secure to the point of not needing to be prompted, but does every site on the net, ie your blog, twitter, etc, need to have a min of 8 characters w/at least one number and one capital?
Oh, agree with everyone here on the creepiness factor here...