(I think this fits within the rules, but if not, I respect the moderator's decision if it is dropped. I post it because I think maybe it might stimulate discussion about password complexity, which I claim falls under the realm of crypto.)

You are working for a fictional company that has issues with user accounts being hacked via password guessing attacks, yet the company has been cautious about usability concerns in improving their password policy. The current password policy is reflected below:

Passwords must:

  • Be at least 6 characters in length
  • Contain at least one number

You would like to advise a better policy, but one that does not substantially annoy users. You ponder in your head two options to provide to them:

Option 1: increase the password length to 8 characters and leave the composition rules unchanged, or

Option 2: keep the password length the same but change the composition rules to (in addition to including one number) also include at least one upper case character and at least one special character from the following list: ! @ # $ % ^ & * ( )

The puzzle has 3 parts:

  1. In terms of brute force, which option is better?
  2. How many possible combinations are there for option 1?
  3. How many possible combinations are there for option 2?

HINT: For question 2, assume that the user will choose lower case letters and digits only (users will not use other characters if the policy does not mandate it). For questions 2 and 3, assume that the user chooses the minimum length required by the password policy.
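The counting in parts 2 and 3 is an inclusion-exclusion problem: for a fixed length L over an alphabet of size N, the number of strings that contain at least one character from each of several required classes is the alternating sum, over every subset S of the required classes, of (N minus the sizes of the classes in S)^L. The script below is an added example written for this thread, not the original poster's solution; it assumes the hint's reading of the policies (option 1: length 8 over lowercase plus digits with at least one digit; option 2: length 6 over the full 72-character alphabet of lowercase, uppercase, digits and the ten listed specials, with at least one digit, one uppercase and one special) and cross-checks the formula against exhaustive enumeration on a tiny constructed alphabet.

```python
import math
from itertools import combinations, product

# Class sizes taken from the puzzle's policy text.
LOWER, UPPER, DIGIT, SPECIAL = 26, 26, 10, 10   # specials: ! @ # $ % ^ & * ( )


def count_passwords(length, classes, required):
    """Count strings of exactly `length` characters drawn from the union of
    `classes` (name -> class size) that contain at least one character from
    every class in `required`. Inclusion-exclusion over the events
    "the string misses class X": subsets of size k contribute (-1)^k."""
    alphabet = sum(classes.values())
    required = list(required)
    total = 0
    for k in range(len(required) + 1):
        for missing in combinations(required, k):
            available = alphabet - sum(classes[c] for c in missing)
            total += (-1) ** k * available ** length
    return total


def option1():
    # Hint: users stick to lowercase + digits; policy requires one digit.
    return count_passwords(8, {"lower": LOWER, "digit": DIGIT}, ["digit"])


def option2():
    # Full 72-character alphabet, at least one digit, one upper, one special.
    classes = {"lower": LOWER, "upper": UPPER, "digit": DIGIT, "special": SPECIAL}
    return count_passwords(6, classes, ["digit", "upper", "special"])


def bits(n):
    """Keyspace expressed as bits of brute-force work (log2)."""
    return math.log2(n)


def brute_force(length, classes, required):
    """Exhaustive cross-check for tiny parameters: each symbol is a
    (class name, index) pair, so class membership is explicit."""
    symbols = [(name, i) for name, size in classes.items() for i in range(size)]
    count = 0
    for s in product(symbols, repeat=length):
        present = {name for name, _ in s}
        if all(r in present for r in required):
            count += 1
    return count


if __name__ == "__main__":
    for name, n in (("option 1", option1()), ("option 2", option2())):
        print(f"{name}: {n:,} candidates (~{bits(n):.1f} bits)")
    print(f"option 1 / option 2 = {option1() / option2():.1f}x")
```

Note that the answer depends entirely on the assumption about which characters users actually draw from: the 72-character alphabet credited to option 2 only exists if users really spread their choices over it, which is the point the later comments in this thread make.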


[–]JoseJimeniz (1 child)

Option 3: Follow NIST Special Publication 800-63B

  • no password complexity requirements
  • minimum length 8 characters
  • allow Unicode characters in your password (e.g. correct horse💩 battery staple)
  • normalize spaces
  • use NFC normalization (RFC 7613 obsoletes RFC 4013 SASLprep)
  • no password hints
  • no "what was your first maiden name's favorite pet color?"

> password guessing attacks

tl;dr: Password complexity requirements are idiotic, and anyone still pushing them needs to be insulted and ignored. If you have a government auditor telling you otherwise, tell him to come talk to me.
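What the 800-63B-style list above looks like as verifier code, as an added illustration that is not part of this comment: no composition rules, a minimum of 8 code points and a ceiling of at least 64, Unicode accepted, space separators mapped to ASCII space and NFC applied before any comparison (the RFC 7613 OpaqueString preparation), and a blocklist check in place of complexity rules. The blocklist here is a constructed stand-in for a real breached-password list, and comparing in lowercase is this example's choice rather than something the publication mandates.

```python
import unicodedata

MIN_LEN = 8    # 800-63B: memorized secrets at least 8 characters
MAX_LEN = 64   # 800-63B: verifiers should accept at least 64

# Constructed stand-in for a breached/common-password blocklist.
BLOCKLIST = {"password", "passw0rd", "12345678", "qwertyui", "iloveyou"}


def normalize(pw):
    """RFC 7613 OpaqueString-style preparation: map every Unicode space
    separator (category Zs, e.g. NO-BREAK SPACE) to ASCII space, then
    apply NFC so that precomposed and combining forms compare equal."""
    mapped = "".join(" " if unicodedata.category(ch) == "Zs" else ch for ch in pw)
    return unicodedata.normalize("NFC", mapped)


def check_password(pw):
    """Return (accepted, reason). Length is counted in code points after
    normalization, not in bytes, so emoji and accented letters count once."""
    norm = normalize(pw)
    n = len(norm)
    if n < MIN_LEN:
        return False, "too short"
    if n > MAX_LEN:
        return False, "too long"
    if norm.lower() in BLOCKLIST:
        return False, "blocklisted"
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("correct horse\U0001F4A9 battery staple", "Passw0rd", "abc",
                      "caf\u00e9 au lait", "cafe\u0301 au lait"):
        print(repr(candidate), "->", check_password(candidate))
```

The two "café" spellings above are the reason NFC matters: without normalization a user who typed the password on a keyboard producing combining accents would be locked out on a device that produces precomposed characters, even though both strings render identically.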

[–]ScottContini[S] (0 children)

Totally agree, but that was not the point of the puzzle. The point was to actually show people mathematically that special characters offer very little value. I thought people would enjoy doing the mathematics in this puzzle, but I guess I was wrong!

[–]Natanael_L (0 children)

Diceware

[–]bitwiseshiftleft (0 children)

For the base case, the users will all choose "passw0rd", "iloveu2", or "123456". For the first option, they will need to instead choose "passw0rd", "iloveyou2" or "12345678". For the second option, they no longer have an all-numeric option, so they will all choose either "Passw0rd!" or "Iloveu2!".

Thus, the first option has more entropy than the second. As a bonus, the passwords it produces are less annoying to type.

On a related note, zxcvbn isn't perfect but it's probably better than rule-based composition.