A service recently forced me to reset my password recently, so I asked them:
Was there an incident that caused passwords to be reset? Was an analysis done on passwords to determine their "strength" such that mine was deemed unfit?
I eventually got this back.
It in fact is exactly what you had guessed. We implemented some measures such as this one to protect yours and all customer information, which is why we had asked you to strengthen your password.
@GeoffWozniak The only way this would be reasonable is if they compared hashed passwords and asked anyone who shared a password with someone else to change it.
If they're able to see passwords that's just bad security.
@Anarkat It's still unclear what is going on. I'm trying to get at whether they actually stored passwords or compared (unsalted?) hashes to see that there were too many weak ones.
A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon it's digital shore.