by res0nat0r 5058 days ago
> Tell the user: your password must contain the following word: “hzru”

Enforcing this kind of thing on the masses won't make for stronger passwords; it will just have them opening up notepad.exe and saving this site's too-hard-to-remember-because-it-has-too-many-rules password on ~/Desktop/logins.txt.

2 comments

Now you'd have to prove that having passwords stored in a file is worse than massive password leaks. I suspect that it isn't. People already carry laptops with browsers that save passwords automatically. Losing your laptop already implies a password-change-fest.

Are you implying that browsers save passwords in cleartext? A quick search indicates that all major browsers encrypt passwords to user accounts, and some give the option of a master password as well.

They do encrypt passwords, but that doesn't matter. You can still log in to their accounts and do anything you want. And if for some reason you really do want the actual passwords, you can obtain those too; obviously they get decrypted to send to the website you're logging in to, so just capture it at that point. Normal people don't configure master passwords.

And when they go to another computer (home/work/relatives/...) the only option is to carry that file.