Wed Mar 25, 2015 3:54pm PST
Can the world please standardize passwords?
This is 2015 and I find it amazing that with all the standards bodies in the world, we have not all decided on a standardized pattern for what constitutes a password.

e.g.

- some sites require 8-12 characters. Why limit it to 12?
- some sites require a number, a letter (upper and lower case), and some punctuation
- some sites do not allow punctuation
- some sites cannot handle upper/lower case

With the hundreds of passwords people have to remember, it is impossible to satisfy all the requirements. So that means it's impossible for many people to remember their passwords.

The worst possible violation of a secure password is to "write it down". This argument goes for password managers as well (which only work on the device that holds them). Same deal for having the browser remember your password. Not secure at all.

Banks and finance institutions are the worst offenders. They, if anyone, should be able to agree on what constitutes a password.

Passwords are with us for the long term. My mother is not going to use certificates to talk to her web banking.

And logging into Facebook is hardly a solution either. That's the last body that should be controlling authentication. Privacy? What's that?

So where are the global standards?

Ugh... Thanks for listening... Peter
