To be honest, I find having strict password requirements to
be an annoyance and not a benefit. I would say as a rule the
most reasonable is to just specify a length, maybe special
characters + alphanumeric. Anything more is asking for people
to write down their password, which defeats the whole purpose
of having secure passwords. I also hate having to change your
password every x days with the usual ridiculous set of rules
(e.g. cannot re-use the last 25 passwords) - again all that
does is force people to write the thing down so they don't
forget, at which point you might as well not ask
for a password at all.