I wonder whether the Steem password policy is right. The message from Steemit says: 'If you can remember the password, it is not secure". But from another point of view quite the opposite holds: 'If you can't remember the password, it is not secure". Because then you have to store it somewhere. It could be some secure place but which password would you use to access that place? I wonder how many users store their passwords just in the browser. I think, quite a lot because it is not convenient to copy-paste the password every time you log in.

But at least it saves the password from being stolen remotely, which is probably the main issue. Somebody has to have access to your local machine (at least) to steal it. But strong rememberable password would close this possibility as well. So it would be more secure.

That does not mean of course that every rememberable password is secure.