>I hope you don't hurt yourself laughing but.. My passwords do not have any of the requirements you listed. In fact a password '1' is a valid password.
>What I am thinking of doing is adding the requirements you listed as an option. So that customers can enable or disable this. I am sure that all existing customers will not choose to have any requirements. New customers, maybe.
>
>>Many secure password rules require a minimum length, at least one upper-case and one lower-case letter, a number, and a special character. Forcing to uppercase makes the pwd less secure
>>
Look for a routine measuring pwd strength and either call out to it or paracode what you see there. Disabling upper/lower distinction hurts strength a lot.