My practice is to use a "weak" password that is easy to remember with forums where there is no credit card information involved. I use a "strong" password when it's a "show me the money" situation where it could have financial repurcussions if the password was discovered.
Granted, this may not be "best practice" on my part, but the "weak" password I use tends to be one that I wouldn't mind all that much if it was compromised by "black hats".
My observation is that pretty much all forums allow "weak" passwords.
So ..... please consider allowing "weak" passwords for your forums.
HTH, and thanks for providing and maintaining the ExifTools! I'm finding them to be very helpful with a fully manual Samyang lens that doesn't "talk" to the camera body.
The password settings are really pretty weak right now. The only restriction is that your password must be 8 characters or more and may not contain your forum user name, your real name, or your email address.
I would prefer not to drop to the next lower level (4 character minimum, may contain user name) because then the spam bots would be able to raid the forum by guessing people's user names. SMF forum spam bots are common, and I've had to repel a number of attacks so far.
But the good news is that if you allow cookies from the forum, you only need to log in once from each computer that you use -- you will stay logged in forever as long as you don't delete the cookie.
- Phil