I log in quite seldom to allegro.cc and it's not one of the websites for which I do remember my password for any long time.

Unlike almost every forum I've seen, on the first log in page there's no "forgot my password" link.

Maybe there's a good reason for this. I wouldn't know.

Anyway, I suggest adding just that, so that me (and others) can more easily retrieve the password whenever it disappears. Feels like a basic function that should just be there.

I've learnt to work around it on allegro.cc, by clicking "create new account" I can get to another page which has a link such as "Do not create multiple accounts, click here if you forgot your pw", other times by using google I've been able to "allegro.cc forgot password", and such, but like I said, it's not obvious and it's not like 90% of web pages and forums I've ever seen in my life, for no apparent reason. The first few times I really got stuck and took a good while to find the link for retrieving the pw. It was there, it was just hard to find.

I don't have a problem with this anymore. Still I find it's worth suggesting. People will have the same problem as I did.

I'm too paranoid to keep my passwords saved anywhere but in my memory.

I'd rather trust 256 bit twofish encryption that a keyboard shift or my brain

My passwords are usually absurdly long (as long as the password field will accept) number sequences that are easy to remember or recreate, which are then obfuscated somehow.

For instance, 147221134175226134020105168421 (hailstone sequence starting at 14) gets shift held down and becomes !$&@@!!#$!&%@@^!#$)@)!)%!^*$@!.

With this thread in the back of my head, I went into a state between silently quivering in a corner and laughing out loud ,when I encountered this hellish mix of user inconvenience and lack of safety today: (translated)

Your password must adhere to the following:

• It must contain at least 8 characters.

• It may not be longer than 13 characters.What?!

• It must contain at least one digit.

• It must contain at least one lowercase letter.

• It must contain at least one capital letter

• It may not contain diacritics (like à en é), no spaces and no unicode characters(like ,.;'").YOU'RE KILLING ME! IT HURTS

• The password may not contain your first or last name.

• The password may not contain any sequence of three characters from your username.

My suspicion was confirmed, that the password can only contain alphanumerics. And on the last rule should be noted, that the user name is a random sequence of digits... possibly ruling out a lot of digit sequences, for... "security".

weapon_S: I raise you my incompetent bank's "improved" password policy from earlier this year. The password must

• Be at least 8 characters long.

• Not be longer than 13 characters.

• Only consist of letters and numbers (this was changed from a previous policy which also allowed punctuation).

• Contain at least one lowercase letter.

• Contain at least one capital letter

• Contain at least two digits.

Yes, really.

What? Password Fields prevent over the shoulder password stealing.

My analytical skills suck, but I've always thought that adding rules to your password made it easier to brute force crack...

I hate that. I like putting in random (to other people) non-letter and non-number characters... I always feel as though I have to "dumb down" my passwords due to rules like that.

I like the little "password strength" meter some sites give you. It's funny what they consider a strong password. I've typed in an all-lowercase common english word and a single digit and gotten a strong rating.

So, what do you all consider a strong password?

MySpace at some point added a policy such that you can't set your password to "password". I guess that was a common problem. Fortunately, I set my MySpace password before that limitation