a minimum of 10 ?
I'd be happy if many websites didn't make 10 the maximum possible.
But yes, we need a Password Storage certification that tells us that a site has been controlled and certified for level A, B or C of protection, with A being the latest updated security technology, B would indicate somewhat average hashing and salting but with outdated encryption levels (like 56-bit today) and C being the equivalent of a text file with passwords stored in the clear.
Of course, the certification must be done by a trusted authority, and the level must be evaluated and updated regularly. Websites could only post the relevant certification after authorization by the certification authority.
That would help clear the waters somewhat, I think.