Recently one of my e-mail accounts had a hiccup.
Seemingly the good guys (offering the account for free) implemented a new password policy and (either because they made some BIG mess or because I did not promptly - or promptly enough - change the password/access the account) the result was that all stored e-mails were deleted.
No actual damage was done, as I had a copy of the "important" things and all that was lost was just the list of contacts (which I have mostly anyway).
But the actual new rules for the new password did make me a little bit perplexed:
Must be at least 8 characters long.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain at least one numeric character.
Must contain at least one special character.
Those might represent some good advice, and I would accept those as guidelines, but since it is my account, I would have preferred (since it stores nothing about which I have to worry, for privacy or other reasons) to have a plainer password, insecure as it might be, and to have THEM prevent brute force attacks, NO MATTER the complexity of the password.
I looked a bit around, and it looks like I am not the only one in the world thinking along these lines.
I find both these articles to be worth reading (and representing some matter for thought)