Re: "Could agree what makes a good password"
You've never seen a standards committee!
The couple I deal with (associated with ANSI) are fast compared to the BSI and ISO, and still produce standards that are impenetrable and late - though occasionally one does manage to escape.
Unfortunately standards committees tend to encourage architecture astronauts, and have a great deal of trouble simplifying things - one of the standards I've been waiting for has now been "in committee" for five years, with no sign that it'll be ready soon (part of the draft was radically changed about three months ago...)
PS: CE isn't a standard, it's a mark signifying compliance with the "appropriate" ones of several thousand different standards.