I've found that the more complicated you require a password, the more likely it will be written on a Post-It Note next to the user's monitor.
>The trade-off is password strength vs. ease of use. Obviously a longer password is more robust, especially if a combination of letters, numbers, and special characters is required. (That's a good idea anyway IMO). But as a user I hate having to type in a long password every time I use an application. The "sweet spot" for me is 8 characters.
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer