OK, I've changed the default password strength warning level to 1 (warn if the password is useless) and marked all the new methods as @since 3.4 and added @param comments to them. The diff is at the usual place. Assuming there aren't any objections, shall I go ahead and commit? Andrew