Weird Idea of the Day
On a cryptography mailing list, someone asked how to check for "similar" passwords if all that was stored was a hashed value. The goal, of course, is to prevent people from doing things like adding a period, incrementing a digit, etc. Partly in jest, I suggested publishing the old password when a new one is set. That would also discourage people from using the same password for multiple services.
It’s an evil idea, of course — but now I’m wondering if it might actually make sense…