I always thought using two password fields with simple words would be much harder to break than one field only (which can be used to really strange passwords but also for simples ones as we all know). Someone care to calculate how much it would take to break it?
Well it depends how it's stored, but assuming a fairly standard setup it wouldn't particularly help.
The main issue with website security isn't people brute forcing the website login box, it's people cracking the hashes after stealing them. So if you had two easy to crack hashes stored in the database, you crack them both and off you go.
Oh, I was (like the article) assuming you would concatenate both words (add a space or something else in between if you want) and it would be all stored in just one field. What about it?
