>Does anyone know if a tool/function/class that can determine if a password is poor and should be rejected? At the moment, I have a growing list of passwords (example: password, 1234, abc, company name...) and rules (examples: not username, not first or last name, not birthdate...).
>
>I've seen tools that will ensure a password has at least 1 number and a special character, but I'm more looking for something that will reject common passwords, words in the dictionary and other common rules.
Windows Server 2003 has some recommendations for "password complexity" - see
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/directory/activedirectory/stepbystep/strngpw.mspxIt shouldn't be too hard to implement that in a function.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up