Here’s how I look at security on the cloud as far as passwords go… I want the same password policy for the cloud as I would for any other public (external) facing service. “The Cloud” is, for now, a buzzword. You have public clouds and private clouds, private containing some of the same services we’ve made available for years now. When going public though you need to look at certain areas of security such as who owns the data and what are the policies regarding deletion, backup retention periods, things of that nature. Don’t forget to look at the same things you would look at with a local service when debating on the cloud and look at all security concerns as a service that is 100% public facing service and how you would handle them.