Is there such a thing as a password policy that sets expirations based on the strength of a password? That should be a thing.

Your new password is, "pass." It expires after lunch because you're a moron.

How would one go about creating something like this? Using an algorithm that looks at password entropy? 🤔

*Using big words like entropy cause I heard it once.

@zymk

You can write something to parse the content of the password without logging it or storing it in plain text, and have that build a score based on how the string stacks up against certain standards and settings. That score can be passed to the next component in the password application to set things like expiry and privilege.

I don't really understand how password expiry makes a system more secure. It's just annoying.

@spacem but there in lies the beauty. Annoy the crap out of users to train them to use stronger passwords. Like reverse Pavlovian training or a Japanese game show. Instead of rewarding intelligence, punish stupidity/ignorance!

(I'm kidding of course, this would be really harsh on people)