You've all encountered the various websites that force you to have a password that is 6 characters long, must have 1 number, and must rhyme with 'annoying.'
Obviously there are legacy reasons why sometimes this is necessary, but other times it's all for security. I find that it's rather annoying because I have a standard set of passwords that often don't match these peculiar rules, so I have to make and remember a new one.
It seems that there are more important things to worry about in terms of security if you're worrying about how complex the user's password is. If someone can actually get a hold of that password, then you clearly have larger problems to worry about. Do your part and lock down your end of the system before relying on the user to worry about YOUR security.
My actual question is: What are the alternatives to these complex password rules to mitigate the risk of rainbow tables or brute force hash reversers without relying on the user to carry the weight of remembering something complicated?
Some ideas: salting, ...
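
The salting idea mentioned above, sketched as an added example that is not part of the original post: a per-user random salt plus a slow key-derivation function, next to the unsalted fast hash that a precomputed table defeats. The function names, the PBKDF2 choice, the iteration count and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

ITERATIONS = 200_000  # assumed work factor; tune it to your own hardware


def unsalted_hash(password: str) -> str:
    """Weak baseline: one fast hash, so equal passwords give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Server-side storage: fresh random salt per user plus PBKDF2 stretching."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, expected)


def demo() -> dict:
    # Constructed stand-in for a precomputed table of common passwords.
    table = {unsalted_hash(w): w for w in ("letmein", "password1", "qwerty")}

    # Two users who happen to pick the same password.
    salt_a, stored_a = hash_password("password1")
    salt_b, stored_b = hash_password("password1")

    return {
        # The unsalted digest is found directly in the precomputed table.
        "unsalted_found_in_table": table.get(unsalted_hash("password1")),
        # The salted, stretched digest is not a key in that table.
        "salted_found_in_table": table.get(stored_a.hex()),
        # Same password, different salts: stored values differ per user.
        "same_password_same_record": stored_a == stored_b,
        "login_ok": verify_password("password1", salt_a, stored_a),
        "wrong_password_ok": verify_password("password2", salt_b, stored_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored next to the digest and is not secret; its job is to make every stored record unique so that work done against one record cannot be reused against another.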