a new, saner approach to password policies

In this article over at Ars Technica, we get the scoop on Stanford University's new password policies, which vary the requirements for password complexity (use of special characters, upper case, lower case, numbers, etc.) based on how long the user chooses to make their password. As the chosen password gets longer, the user is given more latitude to reduce the amount of complexity. I think that this is a great idea, providing users with choices in how their passwords are constructed while maintaining a level of security relevant to those choices. Unfortunately, this is not a policy which can be implemented off the shelf on today's most ubiquitous operating systems; you would have to create some sort of front-end program to vet users' password choices and then store them in the OS. Sounds like a great idea for an open source project to me.
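A sketch of the vetting step such a front end would perform, added here as an example and not code from Stanford or the Ars Technica article. The tier thresholds and the names `TIERS`, `char_classes` and `vet_password` are assumptions chosen for illustration; the page does not give the actual cut-offs.

```python
# Length-tiered password vetting: the longer the password, the fewer
# character classes are required. Tiers are ASSUMED for illustration.
# Each entry: (minimum length, character classes required at that length).
# Ordered longest-first so the first matching tier is the most lenient one.
TIERS = [
    (20, set()),                                   # long passphrase: no class rules
    (16, {"lower", "upper"}),
    (12, {"lower", "upper", "digit"}),
    (8,  {"lower", "upper", "digit", "symbol"}),   # shortest allowed: full complexity
]


def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch.islower():
            classes.add("lower")
        elif ch.isupper():
            classes.add("upper")
        elif ch.isdigit():
            classes.add("digit")
        elif not ch.isspace():
            # Anything else that is not whitespace counts as a symbol.
            classes.add("symbol")
    return classes


def vet_password(password):
    """Return (accepted, missing) for a candidate password.

    `missing` lists the character classes still required for the tier the
    password's length falls into, or ["length"] if it is below every tier.
    """
    length = len(password)
    for min_len, required in TIERS:
        if length >= min_len:
            missing = required - char_classes(password)
            return (not missing, sorted(missing))
    return (False, ["length"])


if __name__ == "__main__":
    # Constructed sample inputs, one per tier plus a too-short case.
    for candidate in ["correct horse battery staple", "sixteencharslong",
                      "longerpassword1", "Tr0ub4dor&3", "short"]:
        print(repr(candidate), vet_password(candidate))
```

Returning the missing classes rather than a bare yes/no lets the front end tell the user either to add a class or simply to make the password longer.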
