http://qs1969.pair.com?node_id=27752

Here is an interesting thought. What is the most ethical way to deal with passwords to a site for use by the general public?

When dealing with an educated group of users, it is obvious that the passwords should be encrypted somehow, so that neither the outside world, nor the site administrators can read the list, thus closing the temptation/possibility of someone unscrupulously reading the password list, and potentially gaining access to user accounts on another site. That is not to even mention the additional protection that this offers from crackers.

I say an educated group of users, because these are the people who won't flip out and complain if you change their password in order to allow them to resume access to the site after having lost the original. I know it sounds inane, but I have received calls before yelling at me about how I changed their password to some crazy mix of letters and numbers, and obviously, I am a complete *******.

Is it better to maintain a plain-English list of passwords on my site, allowing me to automatically send them their password back to them, thus avoiding this situation?

I would have to say no. So, where to from here? ALTERNATIVES!

I think that I shall start with the obvious
Of course, these require extra overhead and longer registration forms. So, what IS the answer that I am looking for? Perhaps a long form letter explaining WHY their password is so crazy... or a redirection to a web page, that has the option to change their password on it? This is the solution that I am leaning towards at the moment. Perhaps some other monks could lend me suggestions... bearing in mind that the users that this site is aimed towards can barely turn on a shower without much help, let alone be troubled with anything more difficult than a mouse click on their computer. Also, this could be a fun thread to start suggestions of what to change the passwords to ;-)

Just Another Perl Backpacker
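
The option the post leans towards (keep no readable password, and mail a link to a change-password page rather than a generated password), sketched as an added example that is not part of the original post. The in-memory dicts stand in for database tables, and the function names, work factor and token lifetime are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PBKDF2_ROUNDS = 200_000   # assumed work factor; tune for your hardware
TOKEN_TTL = 3600          # assumed reset-link lifetime, in seconds

users = {}    # username -> (salt, password_hash); stands in for a users table
resets = {}   # sha256(token) -> (username, expiry); stands in for a resets table


def _hash(password, salt):
    # Slow, salted, one-way: administrators cannot read the password back.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def set_password(username, password):
    salt = secrets.token_bytes(16)
    users[username] = (salt, _hash(password, salt))


def check_password(username, password):
    if username not in users:
        return False
    salt, stored = users[username]
    return hmac.compare_digest(stored, _hash(password, salt))


def start_reset(username, now=None):
    """Return a one-time token to mail as a link; only its hash is stored."""
    if username not in users:
        return None
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    resets[hashlib.sha256(token.encode()).digest()] = (username, now + TOKEN_TTL)
    return token


def finish_reset(token, new_password, now=None):
    """Consume the token and store the password the user chose themselves."""
    now = time.time() if now is None else now
    entry = resets.pop(hashlib.sha256(token.encode()).digest(), None)  # single use
    if entry is None or now > entry[1]:
        return False
    set_password(entry[0], new_password)
    return True
```

The user only ever clicks a link and types a password of their own choosing, so no "crazy mix of letters and numbers" is mailed out, and a leaked resets table holds only token hashes.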