I've always been uncomfortable helping users with such a topic, and I really wish it were possible to verify if a user as legitimate or not. Perhaps we should distribute USB lie detectors?
Anyways, personally, I wont take part in it.
I think we should shy away from utilities that are available that show what the current password is, and especially tools that do more than just resetting the password.