These days, as far as the digital information exchange is concerned, there are standards for everything. No one actually follows these standards, but at least they are there. Which is why it is so surprising to me that there does not appear to be a standard for passwords. At least, in my brief Googling, I have found many different policies, but no one standard.

The problem is that while all of these different policies have the same goal in mind — forcing one to choose a strong password — they have different ideas of how that should be accomplished. Some of the constraints seem reasonable, while others may be less so. In the end, despite their similarities, these password policies are different enough, that they become mutually exclusive. This means that, as a user, I am forced to come up with a new password every time I register an account.

Now some may say that having separate passwords for all of one’s accounts is a great security feature. I disagree. Without thinking too hard, I can come up with at least two dozen passworded accounts. Financial institutions, email accounts, network access, work programs, hobby sites, this journal, and yes, even the weather channel, all have passworded accounts. There is no way that one can keep track of that many passwords!

Well, there are two, actually. One, you can be autistic, or two, you can write them all down — a password no-no! Aside from those two (poor) options, the only reasonable solution that I can imagine is to have my accounts share a handful of good, secure passwords. Unfortunately, this idea is difficult to put into practice, because there is no one password that is fits every password policy.

There should be a passwords standard. It should proscribe the length limits, the character sets, the acceptable combinations, and so forth. The goal of this standard should be “one secure key for all locks”. Not that I advocate using only a single password, but if I wanted to memorize one of the passwords generated by these guys, I should be able to do so!