Remove "strong" password requirements

We'd like to remove the *requirement* for a strong password and instead make it *recommended* with a password strength meter and accompanying advice about how to make it stronger if it's weak.

We should have a minimum password length still, I think

Marking as 'High' priority as user testing shows this is a major problem in the sign-up process.

My bug (885684) got merged into this one even though it's not quite the same thing.

Specifically, I don't have a problem with requiring strong passwords, as long as the requirement is that they be strong in terms of bits of information, and that the user is allowed to meet this requirement as they please. What I think is bad is requiring a certain pattern (8 chars, one uppercase, one digit, etc.) as a half-baked attempt to force the password to contain more information.

I couldn't register with my 27 character password, which contained symbols. I don't have a problem with enforcing some minimum password strength, but I think the current determination of password strength is naive: http://xkcd.com/936/

Have to agree with @Stuart - I actually did not create an account because of the password requirements.
If it get's resolved I'll switch over to using ubuntu one.

Howdy, please note that this bug's request cannot be applied to ~canonical and Canonical employees. Should there be a question about this, please contact me directly.

OK, the existing validation code is less strict (@joey *except* for canonical employees who have stricter requirements). Essentially:

        Validation is successful if:
            - password contains at least 8 characters
            - password contains only ascii characters

This has been the case since 2012-12-19, it's just that the report had remained open since then.

I don't think requiring at least 8 chars is unreasonable, and that's currently the only "attempt" to force the password to contain more information". I think this solves the initial request so I'll close this report.