These strong password requirements were not invented by evil
programmers designed to thwart the heroic efforts of usability
experts across the globe...
It is one of the minimum due diligence requirements (PCI) for
merchants who want to accept major credit cards online.
Reality Check - Card-issuing banks and VISA/Mastercard are NOT the
same thing.
While you are correct that two algorithms can measure the
strength/weakness of a password differently, the financial
responsibility is NOT ultimately with the user, but it rests
currently on the merchant and
