Password strength metres are often wrong in their appreciation of what makes a password good. Often they ask you to pick special characters with little regard for how guessable your produced password is. See Telepathwords for an example of what an informed password strength metre should look like.
For instance, P@s5WorD. is considered very secure by most password strength metres, yet a good password cracking tool will always check for variations of a dictionary word (especially such a popular one as password), which means you haven't moved from an input space of 26 to 95, but rather an input space of 26 + a few tens of permutations per word in that input space. This is simply due to the way humans make passwords; we don't actually create random passwords because we wouldn't remember them.
A lot password research focuses on helping people create more complex passwords, remember longer passwords or even remember passwords by providing an image on the auth UI meant to act as a reminder, which often ignores the fact that people pick short and similar passwords to cope with the number of credentials they are required to deal with. People don't want to select a password based on some secret/hint your UI provides them, or longer or more complex passwords; they want to remember less and fewer passwords because they've had enough! See this paper from Sasse et al. on an authentication study done... on NIST employees. Also, there are some field studies on how many credentials people manage online (for instance the Floriencio and Herley 2007 paper, which is a bit old already; probably people have many more accounts by now).
Once you've realised that, and the fact that (not always encrypted) password databases get stolen on a daily basis (hence the main issue is not password strength but password handling and storage), you start understanding that the issue is most service providers have no clue why they apply a policy and just mimic whatever they see others do... perpuetating unusable and unscalable password requirements and policies over time.
There was an effort in the past to bring about federated identities with services such as OpenID but service providers preferred to retain control over their customers' identities for a handful of reasons, which means more different authentication interfaces and more passwords for users.
There are interesting initiatives out there to replace passwords (see Pico), but I'm afraid you shouldn't expect any industry improvement over night.