We might want to try thinking about the problem differently.
Almost all the code used for the usernames checks the internal database to see if someone else used that name and then rejects it or creates another for the user. Seems particularly trivial to use that rejection algorithm against the internal database of passwords for the purpose of not having even one password duplicate.
This isolates 'stupid' down to the fewest numbers possible.
Almost all the code used for the usernames checks the internal database to see if someone else used that name and then rejects it or creates another for the user. Seems particularly trivial to use that rejection algorithm against the internal database of passwords for the purpose of not having even one password duplicate.
This isolates 'stupid' down to the fewest numbers possible.