How do you enforce strong passwords?

Question

There are many techniques to enforce strong passwords on website:

• Requesting that passwords pass a regex of varying complexity
• Setting the password autono

Answer 1

Don't enforce anything ... if you are not protecting financial information or something equally important, then don't make the user choose a strong password.

I have the same weak password on a whole load of sites that require registration for forums, etc. I don't really care if someone guesses it and can post messages as me (and don't think there is much motivation for someone to do so). What I can't do is remember different strong passwords for a dozen sites and don't really want to use another piece of software to manage them for me.

The best compromise would be to show some kind of feedback to the user on how strong the password is (based on whether it is a dictionary word, number of different character types, length, etc).