I'm tired of web sites inflicting known-bad rules on passwords. Like what characters are required, or minimum length.
https://pages.nist.gov/800-63-4/sp800-63b/passwords/
https://www.schneier.com/blog/archives/2024/09/nist-recommends-some-common-sense-password-rules.html
https://tuta.com/blog/minimum-password-length
TL;DR: don't require specific classes of characters, require at least 15 characters.
I'd go for a minimum length of at least 16, myself. Brute force guessing is a thing and is dealt with by using longer passwords.
Any web site that doesn't follow these is just security incompetent.