Re: Don't Just Blame Users
Agreed. I have had sites reject random passwords with 'special' characters in them without any indication of the allowable character set. The error message - logs - have displayed the password string in full so just changing a bit here and there is not an option.
Desperation may lead you to 12345 just to move forward. Finding some way to go back and rectify that accommodation may be non-trivial.
So users should not shoulder all the blame here.