I have a handful of throwaway email accounts on my web host. As such, some passwords are pretty half-assed and they may even be things like AAA123456. Today I got an alert from the support team at my web host:
Our servers have detected the passwords of several of your email accounts are insecure. Because they include the u sername (sic) or domain in them. [Note: not the case]
Please change your passwords from your control panel and re-enable the accounts. Follow these steps to build a strong and secure password:
(typical secure password advice removed)
How can you even tell that? Do you happen to be storing passwords in plain text instead of running them through a one-way algorithm as would be appropriate for a hosting industry of your caliber?
I can't wait to see what they reply, but it looks like I'll be changing providers soon...
===== UPDATE 1 =====
The server detects it automatically and modifies them, at no point we can see them because they are encrypted.
Yeah totally encrypted. With ROT13. TWICE!
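How a server can flag a password that contains the username or domain without keeping plaintext, as an added example (not from the original post, and not the host's actual mechanism, which the post does not reveal): a check made while the plaintext is briefly in memory at password change or login, and an audit that hashes address-derived guesses against the stored salted hash. The address, salt, iteration count and suffix list are constructed assumptions.

```python
import hashlib
import hmac

ITERATIONS = 10_000  # constructed value, kept low so the example runs fast


def hash_password(password, salt):
    """One-way, salted hash; only this value is stored, never the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def identity_tokens(address):
    """Username, full domain and non-TLD domain labels, lowercased."""
    user, _, domain = address.lower().partition("@")
    tokens = [user, domain, *domain.split(".")[:-1]]
    return [t for t in tokens if len(t) >= 3]


def contains_identity(password, address):
    """Substring check, possible only while the server holds the plaintext
    (password change or login), before it is hashed and discarded."""
    lowered = password.lower()
    return any(tok in lowered for tok in identity_tokens(address))


def audit_stored_hash(address, salt, stored, suffixes=("", "1", "123", "2024")):
    """Audit with no plaintext available: hash guesses built from the address
    and compare each to the stored hash. Only exact matches are found."""
    for tok in identity_tokens(address):
        for base in (tok, tok.capitalize()):
            for suffix in suffixes:
                guess = hash_password(base + suffix, salt)
                if hmac.compare_digest(guess, stored):
                    return True
    return False


if __name__ == "__main__":
    address = "temp@example.org"   # constructed mailbox
    salt = b"constructed-salt"     # constructed; real salts are random per account
    for pw in ("Temp123", "AAA123456", "xxEXAMPLExx!"):
        stored = hash_password(pw, salt)
        print(pw, contains_identity(pw, address),
              audit_stored_hash(address, salt, stored))
```

The third sample shows the limit of the hash-only audit: the substring check catches it, but the audit does not, because a one-way hash can only confirm a guess that matches the whole password.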