[Cryptography] Secure password verifiers (Re: Passwords (Smallest feasible work factor today?))

[Peter Gutmann]

Jeffrey Goldberg <jeffrey at goldmark.org> writes:

>I believe that many banks do this. They fear password reuse much more than
>the fear weak passwords which is one of the reasons why they often specify
>password composition requirements that are deliberately incompatible with
>what other services do.

Is there anything documented about this?  It seems OK at first glance but
there's only so many ways you can say "mix of uppercase, lowercase, at least
one digit, at least one special char" until everyone's got more or less the
same password requirements again.

Peter.