I've not heard of any standard for it, but my first thought would be to limit usernames to [a-zA-Z0-9_-]+ since they are often displayed, and allow anything at all in passwords (with the possible exception of whitespace) so people can have secure passwords.
You might also consider something like Data::Password::Check, although, while it looks like a good starting point, it could do with extra features (such as "password not based on a dictionary word". I don't know if better modules exist for that type of thing.