Also nag the user periodically if they have set a password before that they wouldn't be allowed to set now (obviously we can only check this when they enter the password for some reason, e.g. while sending).
Of course a longer password doesn't necessarily mean that it's good enough, but a 3-letter password is definitely not good enough regardless what characters you put in there.
Also nag the user periodically if they have set a password before that they wouldn't be allowed to set now (obviously we can only check this when they enter the password for some reason, e.g. while sending).
Of course a longer password doesn't necessarily mean that it's good enough, but a 3-letter password is definitely not good enough regardless what characters you put in there.