Re: Don't Just Blame Users
They are, after all, the ones that would have to deal with the mess of, say, a forum that got spammed to destruction if all user accounts had easily guessable passwords.
It's called "rate limiting", not "rocket science" :) . As I posted a few minutes ago, rate limit with a lockout for failure. Using the article's list as a script, spammers shouldn't be able to get as far as "password" before an x-hour lockout or contact-admin-for-reset.
And some moderation/oversight should be done as well. Get spam posts? Get rid of spammy posters! Simples! (and harden your account sign up process if that becomes an issue)
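An added example, not part of the original post: a minimal per-account failure limiter with a timed lockout, replayed against a guess list to show the lockout triggering before the run reaches "password". The class and function names, the thresholds and the sample list are assumptions made for illustration.

```python
import time

class LoginLimiter:
    """Per-account failed-login counter with a timed lockout (hypothetical helper)."""

    def __init__(self, max_failures=3, window=900, lockout=4 * 3600,
                 clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # the "x-hour lockout", in seconds
        self.clock = clock                # injectable so tests can control time
        self.failures = {}                # account -> timestamps of recent failures
        self.locked_until = {}            # account -> time the lockout expires

    def attempt(self, account, guess, verify):
        """Return 'locked', 'ok' or 'fail'; verify(account, guess) is the real check."""
        now = self.clock()
        if now < self.locked_until.get(account, 0.0):
            return "locked"               # the guess is never evaluated while locked
        if verify(account, guess):
            self.failures.pop(account, None)
            return "ok"
        # Keep only failures still inside the counting window, then add this one.
        recent = [t for t in self.failures.get(account, []) if now - t < self.window]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= self.max_failures:
            self.locked_until[account] = now + self.lockout
            self.failures.pop(account, None)
        return "fail"

def simulate(guesses, real_password, limiter, account="alice"):
    """Replay a guess list against one account; return (guess, result) pairs."""
    # Stand-in check; a real verify() would compare against a stored password hash.
    verify = lambda _acct, guess: guess == real_password
    return [(g, limiter.attempt(account, g, verify)) for g in guesses]

# Constructed sample list, standing in for the article's list of common passwords.
COMMON = ["123456", "12345678", "qwerty", "abc123", "password"]

if __name__ == "__main__":
    for guess, result in simulate(COMMON, "password", LoginLimiter()):
        print(f"{guess:10s} {result}")
```

A per-account lockout also lets anyone lock a legitimate user out by failing on purpose, which is where the contact-admin-for-reset path comes in.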