Our passwords are essentially Upper, lower, numeral, a special character required, and at least 12 characters long. At the time, I researched this, and anything less than 12 characters is not sufficient. If anyone disagrees with this, I'm open to suggestions, but you have to back it up with something from the security community.
I don't think this is unreasonable given that this is your ONE AND ONLY password. What we need is ways to recover the password in case you forget it, and yes this is something that is currently missing which we can add.