Online Customer Service
Ok, so I forgot my Google reader password a few minutes ago, so I decided to reset it. Easy, right? Well, I don't use Google for anything other than docs, code, and reader. So I'm not too worried about having an incredibly secure password. Sure, it's stronger than 12345 or my birthday, but it didn't exactly take me more than a few seconds to come up with it. So I type it in and hit enter, and then you know what Google does? Google has the audacity to tell me that my password is too weak. Who are they to tell me what I can and cannot have as my password? If I want to have an "easy to guess" password, then that's my prerogative. Seriously, it is none of Google's business what I have as my password.
Even earlier than this incident, I decided to look into order some tea online, and of course I have to create an account to order tea. Because it makes sense for a business to demand that I check my email inbox for their activation code so that they can make sure they can so graciously take my money. I couldn't even see what credit cards they accepted without creating an account or calling them.
I realize that the simple answer is to "stop being lazy" and just add a few numbers to the end of my password, or just autofill my information so I can see if the shop can take my credit card, but the point is that I am the customer and I should be able to utilize the product that I am paying for (I realize that I'm not directly paying Google, but they still need consumers to use their products if they want to make money). If I go to my local grocery store they don't tell me that I have to give them my name, address, and phone number, then tell me to go check my mailbox to verify that I am who I say I am before they accept my money. Online services are no different. If you want to prevent spammers, throw a recaptcha at the very tail end of the checkout.
Lesser Hivemind Node
Think about it. Google handles many millions of accounts. They hate spending any amount of resources on customer support. The stronger your password, the less likely it is to be hacked, the less likely you are to need support and, god forbid, human intervention. Decision-making at Google is done with algorithms. That's not a joke. In this case, there's an obvious correlation between password strength and account security.
Originally Posted by Kody94
The second example is clearly bullshit, though. Online retailers should be focusing on making the customer experience as easy as possible, and so many do a piss-poor job of that.
I understand Google's position, and I recognized that I was creating a potential security risk when the big PASSWORD STRENGTH bar said "weak", but I was shocked when it refused to let me choose my own password. That's simply unacceptable to me. Other website that I've been to have a similar password strength bar, but they just warn me, not force me to create a password that fulfills their demands.
Lesser Hivemind Node
Wait till google asks you for your phone number to verify your account in the future. No joke.
It's not just end-user support of the account they have to deal with, but also misuse of resources due to hacked accounts (e.g. spammers using hacked gmail accounts) and the associated security risks involved.
Originally Posted by TillEulenspiegel
As an aside, captchas are basically useless in stopping dedicated spammers (they are however useful in other ways, e.g. stopping/slowing down brute-force password attacks).