by version_five 1799 days ago
Related anecdote, when I was in university, I had changed my university IT services password to something "offensive" (had the F word in it) after getting frustrated trying to find one that met the novelty and entropy requirements. I was contacted later by IT to tell me that was an inappropriate password and to change it. I found it much more offensive to know that IT could see my password in plain text, than I would to read a swear word.

The password probably was not stored in plaintext (if you've been to University in the last thirty years), but IT staff might have periodically run a password-cracking tool in order to find weak passwords (and swear words in various languages will certainly be in their dictionary). They alert the user and request the password to be changed (might disable the weak one) in order to safeguard their network.
This is an interesting point, and I did consider it as I was typing the comment. If I remember correctly, the password was fuckStateU+1 with my university name (abbreviation) subbed in (like I said, I was getting angry trying to meet the special character etc. requirements). Do you think password cracking software they use would break such a password any faster than brute force? I suppose it's possible but I'd discounted it.

This was about 15-16 years ago I think.