Well, I was thinking more along the lines of a set minimum of rules for a strong password policy. For example, anyone adhering to the hypothetical standard must require at least, say, 8 characters, accept spaces (pass phrases), support non-alphanumerical characters and agree to never send email conformations with passwords written in plain text.

But you’re correct in that, if the rules are too strict, then they would form an easy basis for crackers to use to narrow their algorithms.

It would be very easy to crack in once you have a *standard* set for the SECRET CODE.
May be with bio passwords in some years..

that could be possible and feasible i guess..