This is for some password authentication?<p>I never understand why people restric password length. Why not 12-char alphanumeric? Or 32-char alphanumeric? Most people will use 10-char passwords (or shorter), but those concerned with security could use better.<p>BTW - I'v got idea how to ensure people will use unique secure passwords on your site. It's a little harsh, but still.<p>For each new user in registration form calculate 4-letters hash (from user number, timestamp, whatever), and require user to include this hash in his password (and that the password is at least X characters long). User that has favorite password "swordfish" will just use "swordfishX13h" probably, but it's still better than "swordfish".