Passwords don't require numbers, symbols, or capital letters, and they allow spaces. This allows the recent advice of using weird phrases instead of things resembling md5 hashes.
It's hard to remember "f5C3Ebd0cB" (10 characters) but pretty easy to remember "he sat atop London Bridge" (25 characters). The latter is also very hard for computers to guess.