Let's say it is common to include a subset of the username in passwords. Doing so would decrease the password strength and be disallowed.
Also, you could look at certain usernames and compute likelihood of certain dictionary words, and disallow them. For example, a user named Bob might be unlikely to use spanish words in a password, but a user named Jose might be more likely.
Being aware of methods/info used by crackers when designing secure systems will lead to stronger systems.
Hard to argue against that.
> not silly password requirements
You don't think that password requirements help prevent breaches?
Try this: hook up a server to the internet that's open to ssh. If you look at the ssh login attempt logs, you'll notice that you constantly have people banging against it, trying to log in as root. Yes, password requirements are a small part of overall security, but they are very helpful.
