How do you enforce strong passwords?

Question

There are many techniques to enforce strong passwords on website:

• Requesting that passwords pass a regex of varying complexity
• Setting the password autono

Answer 1

Why enforce it?

I found that a "password strength meter" (a bar indicating password strength as you type) is usually a good non-intrusive measure. It makes those who care about security to have a guilty conscience about password weakness, yet does not frustrate those who do not care as much.

Also, there is an insightful essay on why periodic password change policy is a bad idea with today's threat model.