By mduigou on Feb 11, 2009
I'm getting really tired of every single website having it's own password policies. I'm sure everyone else is as well. About 10 years ago there was an effort by authors of Usenet client applications to develop a Good Netkeeping Seal of Approval. The practices it describes are intentionally minimal. The GNKSA doesn't specify how to write a Usenet reader but it does specify many important details that every client should follow.
This type of best practices effort for Internet applications is required now more than ever. It is incredibly frustrating that nearly every site and (ahem!) even different sites by the same company has a different policy for managing details such as permitted and acceptable passwords, account and password recovery mechanisms, email change policy, etc.