Users typically are authenticated to a networked application by providing a correct combination of a username and a password. Passwords are capable of providing adequate security for user authentication. Unfortunately, when users are permitted to set their passwords, the human element may result in passwords that are easily guessed or are susceptible to brute-force attack. This is because users will often select dictionary words and/or short passwords that are easy to remember and quick to enter.