Passwords don't require numbers, symbols, or capital letters, and they allow spaces. This allows the recent advice of using weird phrases instead of things resembling md5 hashes.
It's hard to remember "f5C3Ebd0cB" (10 characters) but pretty easy to remember "he sat atop London Bridge" (25 characters). The latter is also very hard for computers to guess.
Yes that is generally good advise for strong passwords. Especially
important for databases or any accounts that have important/ sensitive/
personal information. For a discussion site I don't think it's so essential
to have a super secure password, I find it a bit overkill to require such a
long password. Convenience and security both important, in this case I'd
rank security of my pw lower than almost any of my other passwords
Because I fell down the rabbit hole of reading blog post after blog post this afternoon, I came across one of my favorite blog posts from Jeff Atwood, the creator of Discourse (the platform this community uses), which should provide some context as to this site's password requirements:
He ran a survey at one point and asked people about common passwords. I was hoping that many would enter "CorrectHorseBatteryStaple", but never saw the data.