How is it 2021 and password parameters are completely site-dependent? Character limits, no special characters/special characters required/only certain special characters, etc. I feel like the various rules make it more likely people will use bad habits like writing passwords down, or making less complex passwords?
Edit: Upon further discussion in the replies, with many good points being made, I realized my real question should have been: why do some sites set password parameter limitations? I should be able to input a 25-character complex passphrase with letters, numbers, special characters if I want, whether it’s for my Netflix account or bank account. What I don’t understand is my bank being like, “Nah, you can only use 12 characters, and you can’t use @.” That’s my frustration, and was more my question because I figured there was likely a technical reason behind it.
If I’m setting a password for my bank it’s probably more important that it’s hard to guess than my password for that takeaway place I signed up to once and will probably never order from again.
Honestly, providing you have physical security, writing your passwords down on a piece of paper isn’t insecure, especially if your passwords are hard to guess.
This isn’t the answer to your question, but I have an amazing password tip.
1. Pick your secret word
2. Use the site as the “bread” of your password sandwich
3. Pick your number / symbol at the end or beginning.
Example:
Reddit password will be
57RedSCOOTERdit?
Snapchat password will be
57SnaSCOOTERpchat?
Once you pick the combo of where you will put your secret word / number / character, you will never forget your password 🙂
Make sure your secret word is random & not your hometown or mom’s name or something.
How would this be implemented? There is no central service for managing passwords so every implementation is up to the service that is using the password.
What if one database doesn’t support a specific character but other databases do, do you just not support that database and *force* a service to switch databases or die (because they can’t have passwords if they don’t use this password requirement service), or do you let them determine their own requirements?
There are many forms of guidance on what password requirements *should* be, but you can’t enforce it if there is no central entity to do so.
Besides, if a US company starts up and somehow gets authorization to *require* US-based websites to use them for password guidance, that doesn’t mean other countries have to respect it.
On the other hand, if there *was* some sort of universal password system on all sites, hackers would know exactly what setup to target with any brute force hacking approach. Not to mention that people who are going to write down their passwords would probably otherwise have picked something really weak anyway, so it doesn’t make much difference.
There’s no one to implement this and each site has their own idea on the balance between security and convenience.
Is writing down passwords really a bad habit though? I think for personal stuff, writing them down at home makes sense – someone breaking into your house isn’t coming in for your passwords.
Some password rules and reset rules become insane. Especially when you can’t counter your passwords and the site or application requires a password change every 90 days.
Best to write your passwords down. I write mine in code that only makes sense to me. For example, a password would be “regularshift51”. I know what that means. No one else does.