Ok, from a slightly different angle, how about addressing customer password requirements? I must have over a hundred different passwords, and no single password template would be acceptable at all sites - different lengths, special characters, capitalization, etc. what do you think your customers do? Yeah, simplist things possible, post-it notes, and unencrypted files listing sites, user ID, and password (I really loved the site that required a special character in the user ID). Here’s a trick I’ve seen done: when the site is saved as a ‘favorite’ it is renamed as siteiduseridpassword, so the result would be: abcbank jtom pass123, SHOWN ON THE FAVORITES BAR. Makes life so easy.
Look, please, if you make the decision, the first question you should ask yourself is, does this application really require a password??? I can log into my electricity account, look at how much I owe, and pay the bill. Why do you require a password?? If someone wants to pay my bill, LET THEM. They have my permission! Now, if you have a feature where I can store credit card info, and pay my bill automatically, then require a password just on that feature.
If your site lets me store recipes, keep track of loyalty points, make comments, etc., then give ME the option to opt out of using a password. I have no fear that someone will post a comment on a site like this under my user name. It would gain them nothing, and at worse, I would change my name and then password protect it. If someone is desperate enough to log into my Subway account and steal loyalty points for a free sandwich, then they may do so, and may God bless. And I have no idea why anyone would go into my Kroger account and mess with my shopping list. I’m not going to buy a crate of spam simply because it is on the list.
Maybe if I didn’t have to contend with this I would be more careful with passwords where they really mattered.