How do you enforce strong passwords?

Question

There are many techniques to enforce strong passwords on website:

• Requesting that passwords pass a regex of varying complexity
• Setting the password autono

Answer 1

I don't think it's possible to enforce strong passwords, but there are lots of things you can do to encourage them as much as possible.

• Rate each password and give the user feedback in the form of a score or a graphical bar, etc.
• Set a minimum password score to weed out the awful ones
• Have a list of common words that are either banned, or tank the password score

One excellent trick I like to use is to have the password's expiry date tied to the password score. So stronger passwords don't need to be changed so often. This works particularly well if you can give users direct feedback about how long the password they've chosen will live for (and dynamically update it so they can see how adding characters affects the date).