jmiahman I see where you are coming from. Please see from my opinion that this only creates more problems. Makes for lazy admins. If you have set proper permissions for your users, then its of no consequence if my user name is User and my password is Resu. If you have a single list that you and everyone is comparing their passwords to, you are effectively trusting the owners of the database are not at the same time adding your unique passwords to their paid for list. Know what I mean? I get its hashed or salted or whatever, that hash doesn't disappear because it didn't match.
There are password lockout policies, captchas, IP logs, blacklists, white-lists, 2FA, etc... Membership is free in most cases, easier to just hack the db as a user instead of the extra tip toeing trying to brute force another users account with a 10GB dictionary list or 10TB rainbow table setup.
To have my password being forwarded somewhere and queried against a list feels invasive. Its private. My ATM pin in 4 numbers. My credit card does not require a password, and only rarely a zip code, which cmon, chances are the zip code is the place it was stolen or found.
Just seems overkill. Great if its a pleasant FYI, not so great if the would be member is like ... nah Im done surfing the net with my diapers and EpiPen.
I mean no offence, this is just my opinion; it would be a more functional extension if it was not so strict.
Informational vs Restrictive.
Account creation is presented as the users prerogative, else you might as well give them their username and password instead of the false pretense that its theirs to chose.
