Just a quick little post while I work on other SEEKRIT—PROJEKTS…
Troy Hunt has put together a quick review of the state of password policies on various websites as part of his password renovation project subsequent to the Gawker fail.
http://www.troyhunt.com/2011/01/whos-who-of-bad-password-practices.html
Have a read, there is some great stuff in there. And if you are a developer of crap like these sites, get it together and read up over at OWASP.