User-interface gripe: password requirements

November 20, 2009 / Filed under: #fb

Some systems require that you make a complicated password. Algorithms are used to decide whether a password is weak or strong, based on its length and its mix of upper- and lower-case letters or alphanumeric characters.

[Screenshot of password creation form]

In many cases, you can't even proceed until you create an extra-complicated password.

Since when did it become the duty of the system to make sure I provide a hard-to-guess password? It used to be that responsibility fell on the user.

I think this is bad design. It's not only difficult and frustrating to have to figure out what an "allowed" password must contain, it impedes users from actually using the application.

Not only that, but if you work in a technical field handling customer support, it's likely you'll need to create "test" accounts to log into certain systems. These would be temporary accounts that get removed immediately after diagnosing the problem, and they often use passwords such as "test" just to get into the system quickly.

From a technical background, I understand the need for security, but if it impedes experienced professionals from diagnosing a problem, then it's a bit too much.

Since there is no official "standard" for what a "good" password must contain, every system handles it its own way. This means that for every site or system I register with, I have to figure out, all over again, how to create a good password.

A particular MySQL database host requires seven characters, and "rates" how strong my password is, without telling me anything else, but still denies me if my password is not "strong enough." Should I use more numbers, or more upper-case alpha-characters?

A certain banking site requires at least five characters, two of which have to be a number, and at least one upper-case character.
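The usability complaint in the two examples above is that a form rates a password as "not strong enough" without saying which rule it failed. The following is an added example, not code from the original post, that encodes a policy as an explicit list of rules and reports every unmet requirement. The banking rule set is taken from the post's description; the database-host rule set is an assumption, since the post only mentions the seven-character minimum and not how the host scores strength.

```python
"""Password-policy checker that reports *which* requirement failed.

Added example (not from the original post). The rule sets below are
reconstructed from the post's description of two sites; the DB_HOST
character-class rules are assumptions, since the post does not state
how that host rates strength.
"""
import re
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Rule:
    """One policy requirement: a predicate plus a human-readable message."""
    description: str
    passes: Callable[[str], bool]


def min_length(n: int) -> Rule:
    return Rule(f"at least {n} characters", lambda pw: len(pw) >= n)


def min_count(label: str, pattern: str, n: int) -> Rule:
    regex = re.compile(pattern)
    return Rule(f"at least {n} {label}",
                lambda pw: len(regex.findall(pw)) >= n)


# Banking site as described in the post: 5+ chars, 2+ digits, 1+ upper-case.
BANK_POLICY: List[Rule] = [
    min_length(5),
    min_count("digits", r"[0-9]", 2),
    min_count("upper-case letters", r"[A-Z]", 1),
]

# Assumed policy for the "seven characters plus a strength rating" host:
# the post only states the seven-character minimum, so the character-class
# rules here are a constructed guess, not the host's real rules.
DB_HOST_POLICY: List[Rule] = [
    min_length(7),
    min_count("lower-case letters", r"[a-z]", 1),
    min_count("upper-case letters", r"[A-Z]", 1),
    min_count("digits", r"[0-9]", 1),
]


def unmet_requirements(password: str, policy: List[Rule]) -> List[str]:
    """Return the description of every rule the password fails.

    An empty list means the password is accepted. Returning the full list
    (rather than a bare "not strong enough") is the point: the user learns
    exactly what to change.
    """
    return [rule.description for rule in policy if not rule.passes(password)]


def explain(password: str, policy: List[Rule]) -> str:
    """Format the check result as the message a form should show."""
    missing = unmet_requirements(password, policy)
    if not missing:
        return "Password accepted."
    return "Password rejected; still needed: " + "; ".join(missing) + "."


if __name__ == "__main__":
    # Constructed sample passwords, including the post's "test".
    for pw in ["test", "Test12", "Secret7"]:
        print(f"{pw!r} (bank):    {explain(pw, BANK_POLICY)}")
        print(f"{pw!r} (db host): {explain(pw, DB_HOST_POLICY)}")
```

Keeping the rules as data rather than as a hidden score means the same list that enforces the policy can be printed next to the form before the user types anything, which removes the guesswork the post complains about.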

All these "requirements" have my head spinning, when I just want to use the application!

A better approach would be to use OpenID for commercial sites. Another idea would be to let "bad" passwords last only for a limited time, and then require users to change them to continue using the application. So, I could gain temporary access with an "unapproved" password, but only for a limited period, like an hour.

But until these improvements are considered, please let me supply whatever weak password I want!
